Support for AWS4-HMAC-SHA256 #43

Closed
benjamin-maynard opened this issue Nov 29, 2018 · 6 comments

@benjamin-maynard

Hi,

Firstly thanks for authoring this adapter. Really is great.

When I was deploying this earlier for my blog, I created an S3 Bucket in eu-west-2, which is the London Region. As per https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region, this S3 region only supports the latest Version 4 signature.

When configuring the ghost-storage-adapter-s3 plugin to point to this S3 endpoint, image uploads lead to the following error message: NAME: InternalServerError CODE: InvalidRequest MESSAGE: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.

Recreating the S3 bucket in the Ireland region, which supports Version 2, makes this error go away. I am unsure if this is a plugin-specific issue or related to the AWS-SDK.

@colinmeinke
Owner

@benjamin-maynard what does your config look like?

@benjamin-maynard
Author

@colinmeinke

Running in Kubernetes, but just the following environment variables:

The exact same config works in eu-west-1, but not eu-west-2

    env {
      name  = "AWS_ACCESS_KEY_ID"
      value = "${aws_iam_access_key.benjamin-maynard-io-ghost.id}"
    }
    env {
      name  = "AWS_SECRET_ACCESS_KEY"
      value = "${aws_iam_access_key.benjamin-maynard-io-ghost.secret}"
    }
    env {
      name  = "AWS_DEFAULT_REGION"
      value = "${var.k8s_service-benjamin-maynard-io-fe-AWS_DEFAULT_REGION}"
    }
    env {
      name  = "GHOST_STORAGE_ADAPTER_S3_PATH_BUCKET"
      value = "${aws_s3_bucket.benjamin-maynard-io-images.bucket}"
    }
    env {
      name  = "GHOST_STORAGE_ADAPTER_S3_ASSET_HOST"
      value = "https://${aws_cloudfront_distribution.benjamin-maynard-io.domain_name}"
    }
    env {
      name  = "storage__active"
      value = "s3"
    }

@colinmeinke
Owner

@eofs do you have any ideas on this?

@AMD-NICK
Contributor

the same issue

@eofs
Contributor

eofs commented Jan 17, 2019

Hi!

You need to generate a presigned URL when using Version 4 authentication before calling the putObject() function. I haven't used V4s personally with the JS SDK, so I'm not sure how to set it up correctly.

According to the documentation, you could provide the signatureVersion option to the new AWS.S3(...) call. So extending the options object here by adding signatureVersion: 'v4' could work.

I hope this helps!

colinmeinke pushed a commit that referenced this issue Jan 27, 2019
@colinmeinke
Owner

Support added in #45
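
For reference, this is what the AWS4-HMAC-SHA256 scheme named in the error message computes, written with Node's built-in crypto; it is an added example, not part of the original thread or the adapter's code. The credentials, bucket host, object key and timestamp are constructed placeholders, and the request is assumed to have no query string and a path that needs no URI encoding.

```javascript
// Added example: AWS Signature Version 4 (AWS4-HMAC-SHA256) with Node's built-in crypto only.
const crypto = require('crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data, 'utf8').digest();
const sha256Hex = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Signing key: HMAC chain over date, region, service and the literal "aws4_request".
function deriveSigningKey(secretKey, dateStamp, region, service) {
  const kDate = hmac('AWS4' + secretKey, dateStamp);
  const kRegion = hmac(kDate, region);
  const kService = hmac(kRegion, service);
  return hmac(kService, 'aws4_request');
}

// Canonical request for a request with no query string; header names must be lowercase.
function canonicalRequest(method, path, headers, payloadHash) {
  const names = Object.keys(headers).sort();
  const canonicalHeaders = names.map((n) => `${n}:${headers[n].trim()}\n`).join('');
  return [method, path, '', canonicalHeaders, names.join(';'), payloadHash].join('\n');
}

// Returns the Authorization header value a V4 client sends to S3.
function signV4({ accessKeyId, secretKey, region, amzDate, method, path, headers, body }) {
  const payloadHash = sha256Hex(body);
  const allHeaders = { ...headers, 'x-amz-content-sha256': payloadHash, 'x-amz-date': amzDate };
  const request = canonicalRequest(method, path, allHeaders, payloadHash);
  const dateStamp = amzDate.slice(0, 8);
  const scope = `${dateStamp}/${region}/s3/aws4_request`;
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(request)].join('\n');
  const signature = hmac(deriveSigningKey(secretKey, dateStamp, region, 's3'), stringToSign).toString('hex');
  const signedHeaders = Object.keys(allHeaders).sort().join(';');
  return `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${scope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
}

// Constructed sample upload: placeholder credentials, bucket host and object key.
function sampleUpload(region) {
  return signV4({
    accessKeyId: 'AKIDEXAMPLE',
    secretKey: 'constructed-secret-not-a-real-key',
    region,
    amzDate: '20181129T120000Z',
    method: 'PUT',
    path: '/2018/11/image.png',
    headers: { host: `example-bucket.s3.${region}.amazonaws.com` },
    body: 'constructed image bytes',
  });
}

console.log(sampleUpload('eu-west-2'));
```

The region is part of both the credential scope and the signing key, so a V4 signature computed for one region is not valid in another.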
