-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v2-alpha: support signature v4 regions #27
Comments
@Pongchaiwat Please tell me if this update works for you. It requires you to specify the region in which the S3 bucket resides, and it enables v4 signatures. If this does not work for you then please tell me which AWS region your S3 bucket is in. |
I use us-east-2. It is not working for me. |
@Pongchaiwat This is working for me with private buckets in us-east-2 (and other regions). Here is how I have this setup, assuming that the JS Explorer files are hosted in an S3 bucket named explorerbucket in us-east-1 (N. Virginia) and you wish to explore the contents of an S3 bucket named ohiobucket in us-east-2 (Ohio):
If you are unable to get this to work then please provide the following:
If needed, please obfuscate your bucket name for privacy reasons. |
Do you add "Principal": { |
@Pongchaiwat A bucket name cannot be a Principal. Principal refers to the entity (IAM user or AWS service) that is requesting access to the resource (the S3 bucket in this case); it does not refer to the resource itself. The place that you need to specify Principal is in the S3 bucket policy of the bucket that hosts the index.html, explorer.css, and explorer.js files. You would configure You don't need an S3 bucket policy on the target bucket because the web page user is supplying AWS credentials and those are sufficient, assuming you have configured the permissions correctly, to provide access to the bucket. I will review the v2-alpha README shortly and try to make things clearer. |
I created IAM user {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1530300536560",
"Action": [
"s3:GetObject",
"s3:ListObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::test-company1",
"arn:aws:s3:::test-company1/*"
]
}
]
} Is it correct? |
@Pongchaiwat I think you're saying the following:
Is that correct? First thing to note is that bucket almost certainly should not allow everyone to put and delete, so you should probably remove those permissions. Allow list and get only. The next thing is that you seem to be hitting the InvalidRequest error while using the regular AWS S3 Console to download a file from your bucket. Which file's S3 link are you clicking and what is the exact link that the browser is failing to open? |
@Pongchaiwat I've updated the README in 7a20e38 to try to clarify how the hosting bucket is configured vs. how the explored buckets are configured. |
The v2-alpha does not support signature v4-only regions, such as Mumbai (ap-south-1). Requests fail with InvalidRequest and "The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256."
The text was updated successfully, but these errors were encountered: