
Pretty simple stuff (I thought). I'm attempting to create a pre-signed URL that I can then use to download a file. The IAM user these keys correspond to has fullS3Access until I can figure out why this signature isn't working.

```ruby
  # Controller action: returns a presigned GET URL for the requested document.
  def presigned_url
    document = Document.find(params[:id])

    signer = get_presigner
    signer.presigned_url(:get_object, bucket: ENV['S3_BUCKET_NAME'], key: document.s3_path)
  end

  # Builds a presigner from the key pair held in the environment.
  def get_presigner
    credentials = Aws::Credentials.new(
        ENV['FULL_AWS_ACCESS_KEY_ID'],
        ENV['FULL_AWS_SECRET_ACCESS_KEY']
    )
    client = Aws::S3::Client.new(
        region: 'us-west-2',
        credentials: credentials
    )
    Aws::S3::Presigner.new(client: client)
  end
```

The URL returned from the presigned_url method results in a SignatureDoesNotMatch error when I attempt to open it in a browser. Any ideas as to why that is true? I think I've ruled out permissions as the answer, as I've increased that user's IAM permissions to beyond where they should be. Any ideas?

Msencenb
  • Permissions are **never** the cause with `SignatureDoesNotMatch` errors. Expiration is checked first, then the signature, and only then are the permissions checked. When the signature does not match, the permissions aren't checked because the request has already been deemed invalid so it wouldn't matter if the permissions had been correct. This error is usually attributable to a copy/paste error in your secret key or an unhandled edge case bug in the SDK involving unusual characters in the URL. – Michael - sqlbot Jan 24 '18 at 05:13
  • Thanks for the info, is there a list somewhere of unusual characters that can't be in the URL? I do have spaces and parentheses in the keys, but I can't imagine those being the issue (although I'll test it). – Msencenb Jan 24 '18 at 15:11
  • The list of accepted characters is here: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html. I did indeed have a colon in my key (which is on the special characters list), but changing that to not include a colon did not solve the issue. – Msencenb Jan 24 '18 at 15:22
  • Gah! @Michael-sqlbot you were absolutely correct. Typo when setting my environment variable for the access key, was using a key from a different project. – Msencenb Jan 24 '18 at 18:28
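
The cause found in the comments (an access key ID and a secret that belong to different projects) can be confirmed offline by recomputing the SigV4 signature from the URL itself. The following is an added example, not code from the question or from the AWS SDK: `sigv4_signature`, `presign` and `diagnose` are hypothetical helpers covering only the simplest presigned GET (host header signed, `UNSIGNED-PAYLOAD`), and the key IDs, secrets, bucket and object key are constructed values.

```ruby
require 'openssl'
require 'uri'

# SigV4 URI-encoding: escape every byte outside the unreserved set.
def uri_escape(str)
  str.b.gsub(/[^A-Za-z0-9\-_.~]/) { |c| format('%%%02X', c.ord) }
end

# Signature for a GET URL that signs only the host header (simplest S3 case).
# params: decoded X-Amz-* query parameters without X-Amz-Signature.
def sigv4_signature(secret, host, path, params)
  _id, date, region, service = params['X-Amz-Credential'].split('/')
  scope = [date, region, service, 'aws4_request']
  query = params.sort.map { |k, v| "#{uri_escape(k)}=#{uri_escape(v)}" }.join('&')
  canonical = ['GET', path, query, "host:#{host}", '', 'host', 'UNSIGNED-PAYLOAD'].join("\n")
  to_sign = ['AWS4-HMAC-SHA256', params['X-Amz-Date'], scope.join('/'),
             OpenSSL::Digest::SHA256.hexdigest(canonical)].join("\n")
  key = scope.reduce("AWS4#{secret}") { |k, part| OpenSSL::HMAC.digest('sha256', k, part) }
  OpenSSL::HMAC.hexdigest('sha256', key, to_sign)
end

# Build a presigned GET URL (offline stand-in for Aws::S3::Presigner).
def presign(key_id, secret, region, bucket, key, time, expires = 900)
  host = "#{bucket}.s3.#{region}.amazonaws.com"
  path = '/' + key.split('/').map { |seg| uri_escape(seg) }.join('/')
  params = {
    'X-Amz-Algorithm' => 'AWS4-HMAC-SHA256',
    'X-Amz-Credential' => "#{key_id}/#{time.strftime('%Y%m%d')}/#{region}/s3/aws4_request",
    'X-Amz-Date' => time.strftime('%Y%m%dT%H%M%SZ'),
    'X-Amz-Expires' => expires.to_s,
    'X-Amz-SignedHeaders' => 'host'
  }
  params['X-Amz-Signature'] = sigv4_signature(secret, host, path, params)
  "https://#{host}#{path}?" + params.map { |k, v| "#{k}=#{uri_escape(v)}" }.join('&')
end

# Compare a URL against the key pair you believe the app is configured with.
def diagnose(url, expected_key_id, expected_secret)
  uri = URI(url)
  params = URI.decode_www_form(uri.query).to_h
  given = params.delete('X-Amz-Signature')
  { key_id_matches: params['X-Amz-Credential'].split('/').first == expected_key_id,
    signed_with_secret: sigv4_signature(expected_secret, uri.host, uri.path, params) == given }
end

# Constructed values: key ID from one project paired with another project's secret.
URL = presign('AKIDPROJECTAEXAMPLE', 'secret-of-project-b', 'us-west-2', 'example-bucket',
              'docs/report (2018).pdf', Time.utc(2018, 1, 24, 5, 13, 0))
p diagnose(URL, 'AKIDPROJECTBEXAMPLE', 'secret-of-project-b')
```

A result of `key_id_matches: false` with `signed_with_secret: true` means the URL names a key ID the secret does not belong to, so S3 looks up a different secret and rejects the signature before permissions are ever evaluated.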
