使用ruby aws-sdk gem和预签名pos的SignatureDoesNotMatch

Question

I need some help to get the new ruby AWS S3 SDK 2.0 working. I am using the region eu-central-1 so it is required to use the latest signature method v4 for all requests.

Actually I want to create a presigned post url to use it in combination with jquery-fileupload. I have setup S3 correctly with all access keys, bucket, CORS configuration, etc. But every time I generate a url with the following code

@signer = Aws::S3::Presigner.new
@url = @signer.presigned_url(:put_object, bucket: ENV['S3_BUCKET_NAME'], key: "documents/#{SecureRandom.uuid}/${filename}", acl: :public_read)

which creates the following URL

https://project-xxxxx-staging.s3.eu-central-1.amazonaws.com/documents/a253feb0-4c60-4735-8d95-4649c0d3dcb5/%24%7Bfilename%7D?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJVY57LY6XGIRIRHQ%2F20150205%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Date=20150205T140425Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&x-amz-acl=public_read&X-Amz-Signature=ff2fbe233ed7380dc745aa7ba37421d7d8703db0d67208541e500367262a8c51

I get the following error

<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

Does anybody know how to fix this or any hints on the underlying problem?

My environment I am using:

ruby '2.2.0' 
gem 'rails', '4.2.0' 
gem 'aws-sdk', '~> 2.0.21.pre'

Answer 1

A pre-signed URL contains a signature computed from headers and query parameters that would/should be sent. What is likely happening is the jquery uploader is adding a header that Amazon S3 requires to be signed (such as Content-Type). You would need to pre-specify this content type when building the presigned url:

signer = Aws::S3::Presigner.new signer.presigned_url(:put_object, bucket:'name', key:'key', acl:'public-read', content_type:'...')

Also, the correct canned ACL is "public-read", not :public_read . This could also possibly be causing an issue.