Skip to content

After updating an EC2 app to v3.7.101.61 of AWSSDK.S3, uploading to S3 results in signature error. V4.x.x.x gives the same result. #3821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 task
bradstiff opened this issue May 16, 2025 · 3 comments
Open
1 task

After updating an EC2 app to v3.7.101.61 of AWSSDK.S3, uploading to S3 results in signature error. V4.x.x.x gives the same result. #3821

bradstiff opened this issue May 16, 2025 · 3 comments
Assignees
@ashishdhingra
Labels
bug This issue is a bug. investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 This is a standard priority issue s3

Comments

@bradstiff
Copy link

bradstiff commented May 16, 2025
edited
Loading

Describe the bug

My ASP.NET core app runs on an EC2 instance. No specific credentials are provided in the configuration.

After updating the AWS SDK from v3 to v4, I get the following error when the app tries to upload an object to S3:

Amazon.S3.AmazonS3Exception: The request signature we calculated does not match the signature you provided. Check your key and signing method.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

It should work like it did previously.

Current Behavior

Object upload to S3 fails.

Reproduction Steps

Service configuration in Startup.cs looks like this:

services.AddDefaultAWSOptions(Configuration.GetAWSOptions());
services.AddAWSService<IAmazonS3>();

Configuration section in appsettings.json looks like this:

"AWS": {
    "Region": "us-east-2"
},

Possible Solution

No response

Additional Information/Context

No code was changed.

No permissions were changed.

EC2 Instance role is the same.

AWS .NET SDK and/or Package version used

Previous package versions:

    <PackageReference Include="AWS.Logger.AspNetCore" Version="3.3.0" />
    <PackageReference Include="AWSSDK.Extensions.NETCore.Setup" Version="3.7.2" />
    <PackageReference Include="AWSSDK.S3" Version="3.7.101.21" />

New package versions (where the error occurs):

    <PackageReference Include="AWS.Logger.AspNetCore" Version="4.0.0" />
    <PackageReference Include="AWSSDK.Extensions.NETCore.Setup" Version="4.0.0" />
    <PackageReference Include="AWSSDK.S3" Version="4.0.0.4" />

Targeted .NET Platform

.NET 9

Operating System and version

64bit Amazon Linux 2023 v3.4.1 running .NET 9
@bradstiff bradstiff added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 16, 2025
@ashishdhingra ashishdhingra added investigating This issue is being investigated and/or work is in progress to resolve the issue. s3 and removed needs-triage This issue or PR still needs to be triaged. labels May 16, 2025
@ashishdhingra ashishdhingra self-assigned this May 16, 2025
@ashishdhingra ashishdhingra added the p2 This is a standard priority issue label May 16, 2025
@ashishdhingra
Copy link
Contributor

@bradstiff Good afternoon. Thanks for opening the issue. Could you please share minimal reproducible project to troubleshoot the issue?

In V4, we always default to SigV4 for signing requests (refer #3362). There was also a campaign to deprecate SigV2 for new buckets.

Are you by any by any chance:

  • Using SigV2?
    • If yes, using new S3 bucket which disallows SigV2 per above campaign?
  • Have AWS Options configured in appsettings.json file?
  • IAM policy that restricts to use specific signature version.

Thanks,
Ashish

@ashishdhingra ashishdhingra added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label May 16, 2025
@bradstiff
Copy link
Author

Since this is most likely caused by AWS configuration details and/or a bug within the SDK, I don't think a code example is practical.

I don't know if I am using SigV2 or not.

The bucket has existed for five years.

I have already provided the full code that configures the IAmazonS3 service in the DI container, including the relevant options in the appsettings.json file.

No signature version policy restrictions exist.

The code where the error occurs looks like this, where _s3Client is an instance of IAmazonS3 that is injected by the DI container:

            var fileTransferUtility = new TransferUtility(_s3Client);
            using (var stream = new MemoryStream())
            {
                await fileTransferUtility.UploadAsync(stream, _photoBucket, $"{id}.jpg"); <---FAILS HERE
            }

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label May 17, 2025
@bradstiff
Copy link
Author

I found this is not a v4 issue.

I tried to narrow down the version of AWSSDK.S3 where it starts breaking.

3.7.10.1 works
3.7.101.61 (not a typo) does not work

There are over 60 versions between those two versions; I did not have time to be more specific.

@bradstiff bradstiff changed the title After updating an EC2 app to v4 of the SDK, uploading to S3 results in signature error After updating an EC2 app to v3.7.101.61 of AWSSDK.S3, uploading to S3 results in signature error. V4.x.x.x gives the same result. May 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ashishdhingra ashishdhingra

Labels
bug This issue is a bug. investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 This is a standard priority issue s3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bradstiff @ashishdhingra