0

My application's deployed across 2 regions, and calling generate_presigned_post from the two regions returns different response shapes. The first returns:

{
    "url": "https://app-1-test-uploads.s3.amazonaws.com/",
    "key": "boo",
    "fields": {
        "key": "boo",
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": "ASIA.../20240424/eu-west-3/s3/aws4_request",
        "x-amz-date": "20240424T131803Z",
        "x-amz-security-token": "...",
        "policy": "...",
        "x-amz-signature": "..."
    }
}

The other returns:

{
    "url": "https://app-2-test-uploads.s3.amazonaws.com/",
    "key": "boo",
    "fields": {
        "key": "boo",
        "AWSAccessKeyId": "ASI...XU",
        "x-amz-security-token": "...",
        "policy": "...",
        "signature": "..."
    }
}

Why would these be different? Is there a way to keep them constant? The docs seem to indicate that just about anything can be returned for fields, and don't explain how this is controlled.

Improve this question
Recognized by AWS
1
  • It might be to do with Sigv2 vs Sigv4. "Amazon S3 supports Signature Version 4, a protocol for authenticating inbound API requests to AWS services, in all AWS Regions. At this time, AWS Regions created before January 30, 2014 will continue to support the previous protocol, Signature Version 2. Any new Regions after January 30, 2014 will support only Signature Version 4 and therefore all requests to those Regions must be made with Signature Version 4." It's possible the pre-signed URLs are still using Sigv2 in some regions?
    – John Rotenstein
    Commented Apr 24 at 21:22
Related questions
1
c# client.GetPreSignedURL in .net aws sdks using HMACSHA256 instead of AWS4-HMAC-SHA256
1
Get this error when I want to upload file through presigned url in AWS S3
5
Upload to S3 Bucket with Presigned URL gives 403 forbidden error
Load 5 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Browse other questions tagged or ask your own question.