Amazon S3 - How to fix 'The request signature we calculated does not match the signature' error?

I have searched on the web for over two days now, and probably have looked through most of the online documented scenarios and workarounds, but nothing worked for me so far.

I am on AWS SDK for PHP V2.8.7 running on PHP 5.3.

I am trying to connect to my Amazon S3 bucket with the following code:

// Create a `Aws` object using a configuration file
$aws = Aws::factory('config.php');

// Get the client from the service locator by namespace
$s3Client = $aws->get('s3');

$bucket = "xxx";
$keyname = "xxx";

try {
    $result = $s3Client->putObject(array(
        'Bucket' => $bucket,
        'Key' => $keyname,
        'Body' => 'Hello World!'
    ));

    $file_error = false;
} catch (Exception $e) {
    $file_error = true;

    echo $e->getMessage();

    die();
}

My config.php file is as follows:

return [
    // Bootstrap the configuration file with AWS specific features
    'includes' => ['_aws'],
    'services' => [
        // All AWS clients extend from 'default_settings'. Here we are
        // overriding 'default_settings' with our default credentials and
        // providing a default region setting.
        'default_settings' => [
            'params' => [
                'credentials' => [
                    'key'    => 'key',
                    'secret' => 'secret'
                ]
            ]
        ]
    ]
];

It is producing the following error:

The request signature we calculated does not match the signature you provided. Check your key and signing method.

I've already checked my access key and secret at least 20 times, generated new ones, used different methods to pass in the information (i.e. profile and including credentials in code) but nothing is working at the moment.

I had the state bucket and key backwards and this is the error you get (signature doesn't match). Wtf terraform?

A leading slash also caused this issue for me. You need just path/to/file, not /path/to/file

I simply dobuble-clicked on key_hash_lala/key_hash_continues and it selected only one part. Alas, how hard is it to tell the user "wrong passsword, dude!"?

And for me the issue were white spaces inside of key

Replacing /home/user/ with ~ and then changing it back again worked for me

The first time I had issues copying the key from the downloadable csv. For the second key i created, I just copied it from the the browser and didn't have any issues

To add to this, I was getting this error message when having a plus sign + in my key.

in my case it was on aws so new S3( 'key' 'secret', true ); last additional optional useSSL = true needed to set, which by default

+1 to @nthaxis - copying from the .csv caused a failure - copying directly from the browser and it works a treat

In my case this was caused by having a path in the bucket parameter. Instead of bucket = "bucketname", I had bucket = "bucketname/something". This also gives the Signature does not match error.

I was getting this when I did not provide the Content-Type header in my upload file request

It looks like this is a real key, that is NOT a good idea to publish on a public website such as SO

It was not a real key but just random digits, however on your suggestion, I have made it look more like a total example key. Thank you.

This worked for me. The HTTP verb (PUT, POST) used to generate the signed URL must be the same as the verb used when performing an upload with that URL.

Saved me after long hours. Thank you!!

can you please add more detail where to ad AWS Sign ?

Also happens if you pass an incorrect Content-Length in the metadata

When I read the above answer, I double-checked my secret key and realized that I have added / at the end.

I had to replace a plus sign (+) in my URL with %20.

I had a problem with spanish tildes Alegría| note the í` was throwing an error.

Had same problem. Skype sometimes copies values with blank lines. Just paste it to notepad and then copy it without whitespaces.

Yes ! Check also if you have spaces in any other headers.

I had a problem with an extra URL parameter that I was adding to the query string (&version=1.3). Can't have extra parameters

Indeed. More info here: aws.amazon.com/premiumsupport/knowledge-center/…

Tried many things before i stumbled onto this! This was the answer for me.

I was stuck because my file ended right after the secret key, i.e. no line return...

For me, it was a result of wrong credentials as well. I missed a character in my credentials.

I had this issue and your suggestion fixed it! Thanks @Sebastian

Mine was setting "OriginalFileName" in the header with a leading space / tab

I had a / in the middle of the SERVER_SECRET_KEY and solved after three hours of research...

fresh access key worked for me too - thankfully i got the hint from reading github.com/aws/aws-sdk-js/issues/86#issuecomment-153433220 and in my case it was SQS that was throwing the exception in the title. The keys I was earlier using (when getting exception) were 97 days old with exclamation mark in the IAM dashboard

In my case, I was making a POST request, instead of PUT (getSignedUrlPromise method had an operation parameter 'putObject')

can you please tell me how you solved that issue? it is working fine in postman but not in nodejs

Worked for me, file path ok, every else was ok, currently the same function is in use for other app and never give this error in that app. Thanks, Oleg

Same, changing content-type did the trick.

It is not event a solution. Nobody will wait for hours to upload a file.

Came here having this issue using Minio. I can confirm: HTTP Verb mismatch will trigger a signature fail as well as additional characters somewhere. Take this as an example on how NOT to create API error reportings.

my secret key also has + and failed. how to resolve this

Thank you for posting this, when I saw "check your key" I was thinking the access key or secret key was wrong. In my case it was the object key (and bucket). So moving around the bucket and object key values as you describe worked. Amazon needs to clarify what key they're complaining about IMO. Thanks again

Thanks, worked with me! I also tried to encode the "Key" since the key also contains UTF8 characters, and it ends up in a wrong directory Only encoding the CopySource works just fine.

Adding to the laundry list of potential causes, for me it was the browser environment itself. Seems that some cookies, possibly from AWS logins may interfere causing this error message. Opening the link in Incognito mode has helped at times with the link then starting to work outside of Incognito too. Basically what I'm saying is that even though the link and associated credentials are 100% correct it can still malfunction and become utterly confusing.

Thank you! I was using POST instead of PUT... using PUT just worked.

This solved it for me too.

for all of us that use double click to select and copy, it won't copy trailing "+" chars!!

For me there were an invisible \n at the end of AWS_ACCESS_KEY_ID that were causing the error