You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using boto3 v1.42.70 to generate a presigned url for S3 get_object within a lambda function. The boto3 client is initialised with the correct region.
I turned on debug logging in boto and I can see that the host in the signing data is set to the global mybucket.s3.amazonaws.com. The presigned url that is generated is also a global s3 url.
But when I hit that url, I get a 307 redirect to the regional endpoint, which then fails signature validation as the hosts are now different and create a different signature.
I've seen various posts/comments online about setting the addressing_style: "virtual" in the s3 config block on the client - and yes, that appears to have resolved the issue - the host in the signing data is regional and the presigned url is regional - no redirects.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I'm using boto3 v1.42.70 to generate a presigned url for S3
get_objectwithin a lambda function. The boto3 client is initialised with the correct region.I turned on debug logging in boto and I can see that the host in the signing data is set to the global mybucket.s3.amazonaws.com. The presigned url that is generated is also a global s3 url.
But when I hit that url, I get a 307 redirect to the regional endpoint, which then fails signature validation as the hosts are now different and create a different signature.
I've seen various posts/comments online about setting the
addressing_style: "virtual"in the s3 config block on the client - and yes, that appears to have resolved the issue - the host in the signing data is regional and the presigned url is regional - no redirects.But the boto3 code that uses addressing_style in https://github.com/boto/botocore/blob/develop/botocore/signers.py#L982 is internal logic and could change at some point.
Is there a better way to overcome this issue, or is using the addressing_style the ultimate solution?
Many thanks.
Beta Was this translation helpful? Give feedback.
All reactions