AWS4-HMAC-SHA256 Support #402
Comments
|
+1 |
|
+1 |
|
Yeah, in the meantime you might be able to use awscli instead if you have to work with buckets in the new region. |
|
+1 for buckets in Frankfurt |
2 similar comments
|
+1 for buckets in Frankfurt |
|
+1 for buckets in Frankfurt |
|
I had a look and implementing the support for AWS4 signing method is not exactly straightforward. I started some prep work at https://github.com/mludvig/s3cmd - extracted the existing v2 signing and prepared the landscape for v4 signing. Now only need someone to finish the v4 stuff. If you wait for me it may take a while :-( |
|
+1 |
|
Well, too bad - what's the big deal about s3cmd when one can use aws-cli, anyways? |
|
+1 |
|
+1 for me too please |
|
For listing content, ok. |
|
Take a look at: http://munin-monitoring.org/browser/munin-contrib/plugins/s3/s3_items This uses a perl script to communicate with s3. |
|
And an alternative to du is: aws s3 ls s3://my-bucket-name --recursive | grep -v -E "(Bucket: |Prefix: |LastWriteTime|^$|--)" | awk 'BEGIN {total=0}{total+=$3}END{print total/1024/1024" MB"}'Which you can easily put in an alias. (taken from: http://stackoverflow.com/a/21372023/189431) |
|
With all the S3 regions switching to AWS4 in January, s3cmd will have to That's a kind of bitrot too. The problem is, we have very few s3cmd On Tue, Nov 4, 2014 at 4:29 AM, Koen Punt notifications@github.com wrote:
|
|
http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html On Tue, Nov 4, 2014 at 6:41 AM, Matt Domsch matt@domsch.com wrote:
|
|
http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python On Tue, Nov 4, 2014 at 6:50 AM, Matt Domsch matt@domsch.com wrote:
|
|
@koenpunt thanks for the tips. |
|
+1 |
1 similar comment
|
+1 |
|
Hello Sirs. |
|
Yup. +1. :/ |
|
+1 - Matt, do you know when you guys will release rc2 with v4 support? |
|
Someone needs to actually write it... One question I have in the v4 support - how can we know the region a bucket On Wed, Nov 12, 2014 at 4:44 AM, scottemackenzie notifications@github.com
|
|
Could just do the protocol dance like SSL does. Start at the most secure auth and work down to the least.
|
|
In aws cli you have to set the region in the config file or provide it via command line parameter |
|
AWS has provided me with this response to the question provided by Matt, "how can we know the region a bucket is in, which must be included in the v4 signature?" Does this help? ============ AWS Response =================== To determine location of a bucket, you can use API call “GET Bucket location”. Syntax is: GET /?location HTTP/1.1 For your code part, if you use the AWS SDKs to send your requests, you don't need to make changes since the SDK clients authenticate your requests by using access keys that you provide. In regions that support both signature versions, you can request AWS SDKs to use specific signature version. If you are implementing the AWS Signature Version 4 algorithm in your custom client, you can express authentication information by using either “HTTP Authorization header” or “Query string parameters”. For more details, please refer to the links below: |
|
Unless we are going to using some kind of lookup which will inevitably be On 12 November 2014 10:26, scottemackenzie notifications@github.com wrote:
|
|
The problem is, the authorization string noted here, in version 4, contains I hope one can issue the Get Bucket Location call to any region (e.g. On Wed, Nov 12, 2014 at 12:26 PM, scottemackenzie notifications@github.com
|
|
I was using the wrong regio. Apparently Frankfurt is eu-central-1 i.s.o. eu-west-1. |
|
@vamitrou I've done some limited testing with ls and sync against a bucket in eu-central-1 and so far it seems to work fine. |
|
+1 for buckets in Frankfurt |
|
I'm sure @kwo is rooting for the support in s3cmd. Also no seed to repeat comments, that will pollute comment threads.. |
|
OK everyone. With huge thanks to Vasileios Mitrousis (vamitrou) who wrote Thanks, On Mon, Dec 15, 2014 at 4:52 AM, Jan Raasch notifications@github.com
|
|
The work is merged to upstream master branch. Closing. Please open a new bug on any failures you encounter. |
|
We were getting a bunch of location redirects (which are handled, but which slow down requests). Using --region wasn't enough to avoid the redirects because cfg.host_base and cfg.host_bucket were still defaulting from the .cfg file. I've pushed a couple patches to github.com/mdomsch/s3cmd bug/region-endpoints branch so that we can avoid redirects using --region, or if we do get a redirect, we get only one. Please give that a try and if good, I'll merge. |
|
@mdomsch you wrote "With all the S3 regions switching to AWS4 in January, s3cmd will have to Thanks in advance! |
|
http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html "Amazon S3 supports Signature Version 4, a protocol for authenticating This includes at least Frankfurt (eu-central-1). On Mon, Jan 26, 2015 at 4:20 PM, David Joerg notifications@github.com
|
|
Thanks @mdomsch, feel much better now. If I'm reading this right, no regions are switching per se, and regions that currently support AWS Sig V2 will continue to do so. (Note they are referring to last January not this upcoming January). For my own very limited purposes this is great news. But I certainly understand why software such as s3cmd (thank you it's awesome!) must start supporting AWS Sig V4 now. |
|
Has it been finally released? I'm facing the same error. |
|
@Ajaxy According to the merge date, this should be included in v1.5.0 upwards. |
|
Seems that it's missed in package from |
|
The chance that you get anything recent using apt-get is rather slim, unless you use a custom source. |
|
It's in very new Ubuntu. Otherwise, install it from pip or from github. On Thu, Jul 23, 2015 at 2:20 PM, Felix Bünemann notifications@github.com
|
|
@Ajaxy @felixbuenemann I can confirm this patch did not make into @mdomsch In the future it would help a lot of you could make sure an issue refers to a GIT commit (or pull request) before closing an issue. It took me 30 minutes of detective work on my side to figure this out. Simply looking up which tags contained a commit would have been so much easier... ;) |
|
@JensRantil Well, I meant v1.5.0 (released in January), not v1.5.0-alpha1 (released in 2013). |
|
Still facing this error with v1.6.1 |
|
You probably forgot to specify the region, it's mandatory for AWS4 auth. |
How to ? I specified region but still facing the error: $ aws --region us-east-1 s3 cp <src> s3://<dest>
A client error (InvalidRequest) occurred when calling the CreateMultipartUpload operation: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256. |
|
@ngtuna "aws s3" client is another tool, here it is the project "s3cmd" that your run with commands like: |
|
@fviard ah my mistake. Also I just figured out I install wrong version of aws s3 cli. |
|
I solved this issue by simply adding my bucket region in my |
|
+1 |
and others
I'm trying to connect a bucket in the new eu-central-1 region (Frankfurt), but it seems it uses a newer authentication scheme that's not supported by 1.5.0-rc1:
Also note that the endpoint is named s3.eu-central-1.amazonaws.com (dot after s3 instead of dash).
The text was updated successfully, but these errors were encountered: