Amazon S3 - How to fix 'The request signature we calculated does not match the signature' error?
Solution 1
After two days of debugging, I finally discovered the problem...
The key I was assigning to the object started with a period i.e. ..\images\ABC.jpg
, and this caused the error to occur.
I wish the API provides more meaningful and relevant error message, alas, I hope this will help someone else out there!
Solution 2
I get this error with the wrong credentials. I think there were invisible characters when I pasted it originally.
Solution 3
I had the same problem when tried to copy an object with some UTF8 characters. Below is a JS example:
var s3 = new AWS.S3();
s3.copyObject({
Bucket: 'somebucket',
CopySource: 'path/to/Weird_file_name_ðÓpíu.jpg',
Key: 'destination/key.jpg',
ACL: 'authenticated-read'
}, cb);
Solved by encoding the CopySource with encodeURIComponent()
Solution 4
I had the same error in nodejs. But adding signatureVersion
in s3 constructor helped me:
const s3 = new AWS.S3({
apiVersion: '2006-03-01',
signatureVersion: 'v4',
});
Solution 5
This error seems to occur mostly if there is a space before or after your secret key
Related videos on Youtube
Joseph Lam
Updated on February 24, 2022Comments
-
Joseph Lam about 2 years
I have searched on the web for over two days now, and probably have looked through most of the online documented scenarios and workarounds, but nothing worked for me so far.
I am on AWS SDK for PHP V2.8.7 running on PHP 5.3.
I am trying to connect to my Amazon S3 bucket with the following code:
// Create a `Aws` object using a configuration file $aws = Aws::factory('config.php'); // Get the client from the service locator by namespace $s3Client = $aws->get('s3'); $bucket = "xxx"; $keyname = "xxx"; try { $result = $s3Client->putObject(array( 'Bucket' => $bucket, 'Key' => $keyname, 'Body' => 'Hello World!' )); $file_error = false; } catch (Exception $e) { $file_error = true; echo $e->getMessage(); die(); }
My config.php file is as follows:
return [ // Bootstrap the configuration file with AWS specific features 'includes' => ['_aws'], 'services' => [ // All AWS clients extend from 'default_settings'. Here we are // overriding 'default_settings' with our default credentials and // providing a default region setting. 'default_settings' => [ 'params' => [ 'credentials' => [ 'key' => 'key', 'secret' => 'secret' ] ] ] ] ];
It is producing the following error:
The request signature we calculated does not match the signature you provided. Check your key and signing method.
I've already checked my access key and secret at least 20 times, generated new ones, used different methods to pass in the information (i.e. profile and including credentials in code) but nothing is working at the moment.
-
Josh Padnick almost 9 yearsSo, the AWS SDK just implements a bunch of direct API calls. With AWS, every single call you make takes your private key (or
secret
above), and uses that to calculate a signature based on your access key, the current timestamp, plus a bunch of other factors. See docs.aws.amazon.com/general/latest/gr/…. It's a longshot, but given that they include the timestamp, perhaps your local environment's time is off? -
Janaka Bandara almost 4 yearsHappened when we had passed an incorrect size (
Content-Length
) in object metadata. (Long version: we were directly passing the input stream from a JavaHttpServletRequest
to the S3 client, and passing inrequest.getContentLength()
asContent-Length
via metadata; when the servlet was (randomly) receiving chunked requests (Transfer-Encoding: chunked
),getContentLength()
was returning-1
- which ledputObject
to fail (randomly). Obscure; but clearly our fault because we were passing an incorrect object size.) -
Ross Symonds over 3 yearsJosh my laptops time was an hour off (for some reason it was set to Moscow and not London time). Thank you for the help!
-
Satish Patro over 2 yearsFirst time visitor, please go through many answers, there are many scenario in which you will get this error & various solutions given in this page
-
kumarahul over 2 yearsIn my case, for opensearch, i had given different info in path and URL...
-
-
Lo-Tan over 5 yearsI had the state bucket and key backwards and this is the error you get (signature doesn't match). Wtf terraform?
-
Graham over 5 yearsA leading slash also caused this issue for me. You need just path/to/file, not /path/to/file
-
Ufos almost 5 yearsI simply dobuble-clicked on
key_hash_lala/key_hash_continues
and it selected only one part. Alas, how hard is it to tell the user "wrong passsword, dude!"? -
Adam Szmyd almost 5 yearsAnd for me the issue were white spaces inside of key
-
retr0 almost 5 yearsReplacing
/home/user/
with~
and then changing it back again worked for me -
nthaxis almost 5 yearsThe first time I had issues copying the key from the downloadable csv. For the second key i created, I just copied it from the the browser and didn't have any issues
-
LCC almost 5 yearsTo add to this, I was getting this error message when having a plus sign
+
in my key. -
phvish over 4 yearsin my case it was on aws so new
S3( 'key' 'secret', true );
last additional optional useSSL = true needed to set, which by default -
NKCampbell over 4 years+1 to @nthaxis - copying from the .csv caused a failure - copying directly from the browser and it works a treat
-
CyclingDave over 4 yearsIn my case this was caused by having a path in the bucket parameter. Instead of
bucket = "bucketname"
, I hadbucket = "bucketname/something"
. This also gives the Signature does not match error. -
Angel Venchev about 4 yearsI was getting this when I did not provide the
Content-Type
header in my upload file request -
xiawi almost 4 yearsIt looks like this is a real key, that is NOT a good idea to publish on a public website such as SO
-
Parash almost 4 yearsIt was not a real key but just random digits, however on your suggestion, I have made it look more like a total example key. Thank you.
-
craigcaulfield almost 4 yearsThis worked for me. The HTTP verb (PUT, POST) used to generate the signed URL must be the same as the verb used when performing an upload with that URL.
-
Kisinga almost 4 yearsSaved me after long hours. Thank you!!
-
Mr Coder almost 4 yearscan you please add more detail where to ad AWS Sign ?
-
Janaka Bandara almost 4 yearsAlso happens if you pass an incorrect
Content-Length
in the metadata -
Ezrqn Kemboi almost 4 yearsWhen I read the above answer, I double-checked my secret key and realized that I have added / at the end.
-
gpresland almost 4 yearsI had to replace a plus sign (
+
) in my URL with%20
. -
Jose A over 3 yearsI had a problem with spanish tildes
Alegría| note the
í` was throwing an error. -
michal-michalak over 3 yearsHad same problem. Skype sometimes copies values with blank lines. Just paste it to notepad and then copy it without whitespaces.
-
Eino Gourdin over 3 yearsYes ! Check also if you have spaces in any other headers.
-
jpruizs over 3 yearsI had a problem with an extra URL parameter that I was adding to the query string (&version=1.3). Can't have extra parameters
-
Davy over 3 yearsIndeed. More info here: aws.amazon.com/premiumsupport/knowledge-center/…
-
DavidG over 3 yearsTried many things before i stumbled onto this! This was the answer for me.
-
Joël over 3 yearsI was stuck because my file ended right after the secret key, i.e. no line return...
-
Promise Preston over 3 yearsFor me, it was a result of wrong credentials as well. I missed a character in my credentials.
-
AndyS over 3 yearsI had this issue and your suggestion fixed it! Thanks @Sebastian
-
Simon over 3 yearsMine was setting "OriginalFileName" in the header with a leading space / tab
-
maxdangelo about 3 yearsI had a / in the middle of the SERVER_SECRET_KEY and solved after three hours of research...
-
gawkface about 3 yearsfresh access key worked for me too - thankfully i got the hint from reading github.com/aws/aws-sdk-js/issues/86#issuecomment-153433220 and in my case it was SQS that was throwing the exception in the title. The keys I was earlier using (when getting exception) were 97 days old with exclamation mark in the IAM dashboard
-
Ivan Loler almost 3 yearsIn my case, I was making a POST request, instead of PUT (
getSignedUrlPromise
method had an operation parameter 'putObject') -
Yashraj basan almost 3 yearscan you please tell me how you solved that issue? it is working fine in postman but not in nodejs
-
Javier Rojas almost 3 yearsWorked for me, file path ok, every else was ok, currently the same function is in use for other app and never give this error in that app. Thanks, Oleg
-
Toto Briac almost 3 yearsSame, changing
content-type
did the trick. -
Alex Sham over 2 yearsIt is not event a solution. Nobody will wait for hours to upload a file.
-
Ric Hard over 2 yearsCame here having this issue using Minio. I can confirm: HTTP Verb mismatch will trigger a signature fail as well as additional characters somewhere. Take this as an example on how NOT to create API error reportings.
-
purplecity over 2 yearsmy secret key also has + and failed. how to resolve this
-
tbone over 2 yearsThank you for posting this, when I saw "check your key" I was thinking the access key or secret key was wrong. In my case it was the object key (and bucket). So moving around the bucket and object key values as you describe worked. Amazon needs to clarify what key they're complaining about IMO. Thanks again
-
Eric Fu over 2 yearsThanks, worked with me! I also tried to encode the "Key" since the key also contains UTF8 characters, and it ends up in a wrong directory Only encoding the CopySource works just fine.
-
domjancik about 2 yearsAdding to the laundry list of potential causes, for me it was the browser environment itself. Seems that some cookies, possibly from AWS logins may interfere causing this error message. Opening the link in Incognito mode has helped at times with the link then starting to work outside of Incognito too. Basically what I'm saying is that even though the link and associated credentials are 100% correct it can still malfunction and become utterly confusing.
-
Jk33 about 2 yearsThank you! I was using POST instead of PUT... using PUT just worked.
-
Chad Johnson almost 2 yearsThis solved it for me too.
-
Cesc almost 2 yearsfor all of us that use double click to select and copy, it won't copy trailing "+" chars!!
-
Janderson Silva almost 2 yearsFor me there were an invisible \n at the end of AWS_ACCESS_KEY_ID that were causing the error