Backend boto3 and signature v4

[jibaku]

I'm trying to use S3 with django-storages==1.5.0 and boto3==1.4.0, but I still have the same issue as with boto. Errors regarding the signature :

Missing required header for this request: x-amz-content-sha256

My conf :

DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
AWS_S3_REGION_NAME = 'eu-west-1'
AWS_S3_HOST = 's3.eu-west-1.amazonaws.com'
AWS_S3_SIGNATURE_VERSION = 'v4'

If someone has the solution, it would be a pleasure to create a merge request to update the documentation regarding this point.

[bstempi]

+1, this still seems to be an issue when dealing with eu-central-1.

[hugodes]

same issue here

I can't use s3v4 signatures wether I use both or boto3, if anyone has an idea, your help is welcome.

[sdeleeuw]

See my comment here:
#28 (comment)

This worked for me.
I think that AWS_S3_SIGNATURE_VERSION should be set to 's3v4'.

[gyermolenko]

@sdeleeuw thanks
I use Frankfurt region for bucket and I had this error:
botocore.exceptions.ClientError: An error occurred (InvalidRequest) when calling the PutObject operation: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.

Your comment about AWS_S3_SIGNATURE_VERSION = 's3v4' solved it for me

[jibaku]

@gyermolenko @sdeleeuw I created a small documentation patch to help other user that encounter the same issue.

[jleclanche]

Anyone opposed to switching AWS_S3_SIGNATURE_VERSION to "s3v4" by default?

[gyermolenko]

just for info: Signature Version 4 is the current AWS signing protocol.
http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
AWS regions created before January 30, 2014 will continue to support the previous protocol, Signature Version 2. Any new regions after January 30, 2014 will support only Signature Version 4 and therefore all requests to those regions must be made with Signature Version 4.

[afk-mario]

AWS_ACCESS_KEY_ID = env('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_KEY = env('AWS_SECRET_ACCESS_KEY')
AWS_STORAGE_BUCKET_NAME = env('AWS_STORAGE_BUCKET_NAME')
AWS_QUERYSTRING_AUTH = False
AWS_PRELOAD_METADATA = True
AWS_S3_REGION_NAME = 'us-east-2'
AWS_S3_SIGNATURE_VERSION = 's3v4'

I have this configuration & I still have the following error, am I missing something?
>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256

[gyermolenko]

@Arlefreak could you please specify versions of boto/boto3, storages?

[afk-mario]

boto==2.47.0
boto3==1.4.4
django-storages==1.5.2

[gyermolenko]

@Arlefreak
to gain more info you could probably try manual configuration from interpreter, like that

import boto3
from botocore.client import Config

# Get the service client with sigv4 configured
s3 = boto3.client('s3', config=Config(signature_version='s3v4'))

[afk-mario]

I don't get any error uploading a file using the boto3 client directly

[jschneier]

I have opened #335 which change the default signature version for boto3. I'm seeing a lot of conufsion in this thread with things like AWS_S3_HOST and AWS_S3_SIGNATURE_VERSION both set which are each individually used by only 1 backend.

If you could look at #335 before I merge it in the morning and let me know if it doesn't fix anyone's problem that would be wonderful.

[PyJava-Nikhil]

Thanks @sdeleeuw

[tushar-kale-jiem]

using SDK 3.58.0 and getting [signature_version] => s3v4.
need to know the difference between s3v4 and v4.

[andersonmatheus]

See my comment here:
#28 (comment)

This worked for me.
I think that AWS_S3_SIGNATURE_VERSION should be set to 's3v4'.

You're a lifesaver! Thank you!

[jschneier]

Unfortunately that update broke things. However it will become the default in a future release, there needs to be a warning first though.