AWS S3 API change

:heavy_exclamation_mark: This post is older than a year. Consider some information might not be accurate anymore. :heavy_exclamation_mark:

Used:   aws-cli 2.28  python 3.8.8 

Amazon Simple Storage Service (Amazon S3) is an object storage service, that can hold any data. You can use Amazon S3 to host a static website. On a static website, individual webpages include static content. This blog uses S3 for instance.

The AWS CLI allows programmatic access to all AWS services like S3.

$ aws --version
aws-cli/2.2.8 Python/3.8.8 Linux/5.13.0-40-generic exe/x86_64.ubuntu.20 prompt/off

After a while, I started writing again and started my gulp pipeline to publish my content to S3. I run to my surprise into this error:

The request signature we calculated does not match
the signature you provided.

Check your AWS Secret Access Key and signing method.

Well it seems something changed on the AWS site. Searching for a solution it has been a pain in the … - lots of red herrings.

  • Just login into your S3 Console.
  • Deactivate or delete the old IAM key.
  • Create a new IAM key.
  • Run aws configure to replace the key.

After this my gulp pipeline works.

The reason is simple. AWS changed their Signature Version. The old keys didn’t support the new signature request.

Amazon S3 supports Signature Version 4, a protocol for authenticating inbound API requests to AWS services, in all AWS Regions. At this time, AWS Regions created before January 30, 2014 will continue to support the previous protocol, Signature Version 2. Any new Regions after January 30, 2014 will support only Signature Version 4 and therefore all requests to those Regions must be made with Signature Version 4. For more information about AWS Signature Version 2, see Signing and Authenticating REST Requests in the Amazon Simple Storage Service User Guide.

To be honest reading Stackoverflow, GitHub issues and other blog posts was a waste of time. Just follow the error message and check the key :stuck_out_tongue_winking_eye:.

The prospect of diving into my gulp pipeline from 5 years ago, made me really sweat. Luckilly the problem was only a new security enhancement.

Please remember the terms for blog comments.