AWS S3 access denied when getting image by url

Question

I am working on AWS EC2 Ubuntu Machine and trying to fetch image from AWS S3 but following error has been shown to me every time.

<Error>

<Code>InvalidArgument</Code>

<Message>

Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

</Message>

<ArgumentName>Authorization</ArgumentName>

<ArgumentValue>null</ArgumentValue>

<RequestId>7C8B4BF1CE2FDC9E</RequestId>

<HostId>

/L5kjuOET4XFgGter2eFHX+aRSvVm/7VVmIBqQE/oMLeQZ1ditSMZuHPOlsMaKi8hYRnGilTqZY=

</HostId>

</Error>

Here is my bucket policy

{

 "Version": "2012-10-17",

 "Id": "Policy1441213815928",

 "Statement": [

  {

   "Sid": "Stmt1441213813464",

   "Effect": "Allow",

   "Principal": "*",

   "Action": "s3:GetObject",

   "Resource": "arn:aws:s3:::mytest.sample/*"

  }

 ]

}

Here is the code

require 'aws-autoloader.php';

$credentials = new Aws\Credentials\Credentials('key', 'key');

$bucketName = "mytest.sample";

$s3 = new Aws\S3\S3Client([

    'signature' => 'v4',

    'version' => 'latest',

    'region' => 'ap-southeast-1',

    'credentials' => $credentials,

    'http' => [

        'verify' => '/home/ubuntu/cacert.pem'

    ],

    'Statement' => [

        'Action ' => "*",

    ],

  ]);

$result = $s3->getObject(array(

'Bucket' => $bucketName,

'Key' => 'about_us.jpg',

    ));

Html

<img src="<?php echo $result['@metadata']['effectiveUri']; ?>" />

sqlbot : here I am using default KMS.

   try {

        $result = $this->Amazon->S3->putObject(array(

            'Bucket' => 'mytest.sample',

            'ACL' => 'authenticated-read',

            'Key' =>  $newfilename,

            'ServerSideEncryption' => 'aws:kms',

            'SourceFile' => $filepath,

            'ContentType' => mime_content_type($filepath),

            'debug' => [

                'logfn' => function ($msg) {

                    echo $msg . "\n";

                },

                'stream_size' => 0,

                'scrub_auth' => true,

                'http' => true,

            ],

        ));

    } catch (S3Exception $e) {

        echo $e->getMessage() . "\n";

    }

let me know if you need more.

Answer 1

I have also come across this issue with aws:kms encryption key. What I did was, I changed 'serverSideEncryption' => 'aws:kms' to 'ServerSideEncryption' => 'AES256. So your code should look like:

try {

    $result = $this->Amazon->S3->putObject(array(

        'Bucket' => 'mytest.sample',

        'ACL' => 'authenticated-read',

        'Key' =>  $newfilename,

        'ServerSideEncryption' => 'AES256',

        'SourceFile' => $filepath,

        'ContentType' => mime_content_type($filepath),

        'debug' => [

            'logfn' => function ($msg) {

                echo $msg . "\n";

            },

            'stream_size' => 0,

            'scrub_auth' => true,

            'http' => true,

        ],

    ));

} catch (S3Exception $e) {

    echo $e->getMessage() . "\n";

}

Also, I had to update my bucket policy after implementing the above change.

{

        "Sid": "DenyUnEncryptedObjectUploads",

        "Effect": "Deny",

        "Principal": "*",

        "Action": "s3:PutObject",

        "Resource": "arn:aws:s3:::yourbucketname/*",

        "Condition": {

            "StringNotEquals": {

                "s3:x-amz-server-side-encryption": "AES256"

            }

        }

    }