Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AmazonS3ClientBuilder, bucket policies, and regions #1107

Closed
bagovino opened this issue Apr 7, 2017 · 4 comments
Closed

AmazonS3ClientBuilder, bucket policies, and regions #1107

bagovino opened this issue Apr 7, 2017 · 4 comments
Labels
guidance Question that needs advice or information.

Comments

@bagovino
Copy link

bagovino commented Apr 7, 2017
edited

Hi,

I've recently been trying to convert over code that uses the older, deprecated AmazonS3Client constructor to use the newer AmazonS3ClientBuilder and I've run into a strange issue with bucket policies and regions. If I create a request to list buckets it works as expected; all buckets in all regions for the account are returned. If I then try to issue a request to get the policy information associated with a bucket created in a region different from the one the client was created with I receive the following exception:

com.amazonaws.services.s3.model.AmazonS3Exception: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'us-east-2' (Service: Amazon S3; Status Code: 400; Error Code: AuthorizationHeaderMalformed; Request ID: 6E6A72061A624467), S3 Extended Request ID: eDvvfakSO4x98fd5r6zQPzE00e8zx7Kmrp8wJaDP27WZMvQVsWq7gb4MVVAlTV++Qi00UMNPWyg=

This code had previously worked. Is this a bug or do we now have to look for region exceptions and correct and reissue the request?

Thanks in advance.
@millems
Copy link
Contributor

millems commented Apr 7, 2017

Were you previously not setting a region on the AmazonS3Client, and now are specifying us-east-1? (Presumably because the client builder doesn't allow excluding the region.)

@bagovino
Copy link
Author

Yup, before they were omitting the region when instantiating the client, but now that a region is required for the builders I was passing in us-east-1.

@millems
Copy link
Contributor

millems commented Apr 10, 2017

To emulate the previous behavior (no region configured), you'll need to also enable "forced global bucket access" in the client builder:

AmazonS3 client = 
        AmazonS3ClientBuilder.standard()
                             .withRegion("us-east-1") // The first region to try your request against
                             .withForceGlobalBucketAccess(true) // If a bucket is in a different region, try again in the correct region
                             .build();

This will suppress the exception you received and automatically retry the request under the region in the exception. It is made explicit in the builder so you are aware of this cross-region behavior. Note: The SDK will cache the bucket region after the first failure, so that every request against this bucket doesn't have to happen twice.

@bagovino
Copy link
Author

That did the trick. Thanks for your help. :)

@srchase srchase added guidance Question that needs advice or information. and removed Question labels Jan 4, 2019
@legiangthanh legiangthanh mentioned this issue Nov 14, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
guidance Question that needs advice or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@srchase @bagovino @millems