Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using boto for AWS S3 Buckets for Signature V4

Tags:

python

amazon-web-services

amazon-s3

boto

I have a problem with using Python-Boto SDK for S3 Buckets for region Frankfurt. According to Amazon link this region will only support V4. This document explains how to add V4 support for Boto SDK. I have added a new section:

if not boto.config.get('s3', 'use-sigv4'):
    boto.config.add_section('s3')
    boto.config.set('s3', 'use-sigv4', 'True')

and then I have created new connection and got all buckets:

connection = S3Connection(accesskey, secretkey, host=S3Connection.DefaultHost)
buckets = connection.get_all_buckets()

it works fine, but then I tried to get all keys for my bucket:

for bucket in buckets:
    bucket.get_all_keys()

and I got the following:

S3ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-central-1'</Message><Region>eu-central-1</Region>

Why did it occur? After that I connected to the region and got all needed data:

region_con = boto.s3.connect_to_region('eu-central-1', aws_access_key_id=accesskey, aws_secret_access_key=secretkey)
bucket = region_con.get_bucket(bucket.name)
bucket.get_all_keys()

How can I fix it properly?

like image 362
Oleg Avatar asked Dec 10 '14 11:12

Oleg

1 Answers

hsrv's answer above works for boto 2. For boto3, the following is broadly equivalent:

s3 = boto3.client('s3', region_name='eu-central-1')

Alternatively, you can set the region field in your .aws/config:

[default]
output = json
region = eu-central-1

This sets the default region; you can still pick a specific region in Python as above.

The significance of the region varies from service to service (for example, assuming you're not sat in a VPC, you can access an S3 bucket from anywhere). In this case, however, the important thing is that newer regions (such as Frankfurt) only support the newer authentication scheme (AWS4-HMAC-SHA256). Boto runs into problems if you try to connect to anything in such a region from a region that still uses the old scheme (such as Dublin).

like image 59
Rob Hague Avatar answered Sep 22 '22 23:09

Rob Hague
Sign in to Comment

Related questions

How to wrap a column in a CAST operation
Does networkx keep track of node depths?
PyCharm. Getting the Project Dir in the "Run/Debug Configuration" Window
Flask: Forking Environments
Get text bounding box, independent of backend
Slice pandas DataFrame by MultiIndex level or sublevel
re-importing a module into a pycharm console doesn't update the code unless i delete/restart the console
Syntax error with Python one-liner
atom editor indentation error with Python
Waiting for a row update or row insertion with sqlalchemy
Implementing a "Kurtosis filter" using scipys generic_filter
Python OpenCV: Rubik's cube solver color extraction
Python ImportError: cannot import name __version__
Topological data analysis - where to begin
How do imports work in IPython
Python: How to unit test a custom HTTP request Handler?
Logging using elasticsearch-py
Grouping by everything except for one index column in pandas
setup.py doesn't see my requirements.txt
Sqlite python sqlite3.OperationalError: database is locked

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!