Amazon S3 Error: SignatureDoesNotMatch

bill · 30 April 2021 14:08

Hi! I have set up the Amazon S3/CDN Storage Option so that I can offer protected downloads.

I can confirm that the S3 Access Key and Secret Key are correct. And I am testing a filename that does not have any spaces, since I know that can be an issue.

Still, if I test a protected link, such as:

`<a href="https://example.com/?s2member_file_download=path/to/file.mp3">download</a>`

I get this error:

<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature    you provided. Check your key and signing method.
</Message>

I have reviewed the other forum posts on this topic, and they are years old and do not provide any help.

How would I debug this? Can you confirm that protected downloads are still working, with a minimum working example on your own site?

Thank you!
Bill

Cralamarre · 30 April 2021 14:24

Just wanted to quickly say that protected downloads are working fine on my site using Amazon S3. No issues.

bill · 30 April 2021 15:05

Thanks! Very glad to hear it, I appreciate it.

Cralamarre · 2 May 2021 16:23

Were you able to resolve the issue?

bill · 3 May 2021 16:17

No, not yet. I have double-checked the keys and they are correct. I don’t know what to do next to debug this error.

How should I proceed?

Cralamarre · 3 May 2021 18:56

I know that if the problem was related to the file name (blank space, incorrect spelling, etc.), you would see a different error:

NoSuchKey
The specified key does not exist.

So all I can think of is that the problem must be related to your Amazon keys, not the file names. Not sure if that helps.

grant · 4 May 2021 17:40

Can you provide console log?
console.log(this.httpResponse)

or

console.log(this.request.httpRequest)

That would help.

From first glance and assuming you are definitely using the correct path to file, there are four things to check and generally could cause this error, but luckily are easy fixes. Starting with the easiest…

First, generate a new set of keys and try with them! (copy n paste) but make sure just copy n paste characters no whitespace!
Make sure you are NOT including an extra HTTPS header (Content-type)
Your header is also calculated as a part of your signature!
Are you using the correct endpoint? Make sure your using the correct region! Endpoint region as in us-east-1. Are you using the correct one for your setup?
Make sure that your IAM user has FULL ACCESS in the group permissions.

Ultimately what I would do is make sure IAM user has full access, even if you have to just for a second, switch to any limited access then switch it right back to full access. Then regenerate keys. Then try link again.