Get this error when I want to upload file through presigned url in AWS S3

Question

I used

aws s3 presign s3://linvest21-eq/lv-21-eq-report/HTML-Report.html --expires-in 86400 --region us-east-1

to generate a url and I want to send this url to my co-workers to upload some files into AWS S3.

Before sharing the url, I want to test it. So I use

curl --request PUT --upload-file "/path-to-this-file/test.html" "presigned-url" 

to try to upload the file called test.html into S3, but I got this error:

SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your key and signing method.AKIAVXJ****AWS4-HMAC-SHA256 20240312T141043Z 20240312/us-east-1/s3/aws4_request d3625340e61bcc35bb3e1****de27876a72e9daaa33317cf7a2574161c7d50716dc5decac580688f1457f7ddd41 5***** 36PUT /lv-21-eq-report/HTML-Report.html X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVXJFPSS5RY4HCSVN%2F20240312%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240312T141043Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host host:linvest21-eq.s3.us-east-1.amazonaws.com host UNSIGNED-PAYLOAD****G0PNNP5M0W90YS3RY6vYYQ9s7LUMzlXVE7EpKHB7LrvkeVZKPdNuY/4R82t5LteFj0HUcE5S+lsqulu2hL843q2QWqw=

where did I do incorrectly and how to resolve it? Thanks so much!

Answer 1

If you get help for the presign command using aws s3 presign help, you'll see:

Generate a pre-signed URL for an Amazon S3 object. This allows anyone who receives the pre-signed URL to retrieve the S3 object with an HTTP GET request.

You can't use the awscli to generate pre-signed URLs for PUT or POST methods. Neither aws s3 nor aws s3api provides this capability.

You'll have to use an SDK to generate a PUT URL.

Here's an example written in JavaScript, using the v2 SDK:

const AWS = require('aws-sdk');

const s3 = new AWS.S3({
  apiVersion: '2010-12-01',
  signatureVersion: 'v4',
  region: process.env.AWS_DEFAULT_REGION || 'us-east-1',
});

const params = {
  Bucket: 'mybucket',
  Key: 'dogs/snoopy.png',
  Expires: 100000,
  ContentType: 'image/png',
};

const url = s3.getSignedUrl('putObject', params);
console.log(url);

Here's an example in python:

import boto3
from botocore.exceptions import ClientError

s3 = boto3.client(
    's3',
    region_name='us-east-1',
    config=boto3.session.Config(signature_version='s3v4'),
)

try:
    response = s3.generate_presigned_url(
        'put_object',
        Params={
            'Bucket':'mybucket',
            'Key': 'dogs/snoopy.png',
            'ContentType': 'image/png'
        },
        HttpMethod='PUT',
        ExpiresIn=10000)
    print(response)
except ClientError as e:
    print(e)