Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S3 - The authorization header is malformed; the region 'vpce' is wrong; #3069

Open
grochoge opened this issue Dec 15, 2023 · 3 comments
Open

S3 - The authorization header is malformed; the region 'vpce' is wrong; #3069

grochoge opened this issue Dec 15, 2023 · 3 comments
Assignees
@debora-ito
Labels
bug This issue is a bug. p3 This is a minor priority issue

Comments

@grochoge
Copy link

grochoge commented Dec 15, 2023
edited

Describe the bug

I'm running into this via the Jenkins artifact-manager-s3-plugin, but it appears to ultimately coming from the Java SDK based on someone reporting the issue in aws-amplify/aws-sdk-android#3018.

Expected Behavior

S3 client works with VPC interface endpoints

Current Behavior

GET https://BUCKETNAME.bucket.vpce-0123456789abcdef0-tiydc1f7.s3.us-east-1.vpce.amazonaws.com/?delimiter=/&prefix=BUCKETPREFIX/ HTTP/1.1 failed with code 400, error: AWSError{requestId='XPPHVG85015KESAZ', requestToken='REDACTED', code='AuthorizationHeaderMalformed', message='The authorization header is malformed; the region 'vpce' is wrong; expecting 'us-east-1'', context='{Region=us-east-1, HostId=REDACTED}'}

Reproduction Steps

I have not tried yet, but I suspect adding the following test to aws-java-sdk-core/src/test/java/com/amazonaws/regions/EndpointToRegionTest.java should reproduce the issue but have yet to try:

    @Test
    public void guessRegionForHostname_returnsRegionFromS3VPCEndpoint() {
        verifyRegionAndPartitionForHostname("us-east-1", "aws", "bucketname.bucket.vpce-0123456789abcdef0-tiydc1f7.s3.us-east-1.vpce.amazonaws.com");
    }

Possible Solution

Fix region parsing

Additional Information/Context

No response

AWS Java SDK version used

1.12.586

JDK version used

OpenJDK Runtime Environment Temurin-17.0.9+9 (build 17.0.9+9)

Operating System and version

Docker image jenkins:lts-jdk17
@grochoge grochoge added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 15, 2023
@debora-ito
Copy link
Member

@grochoge thank you for reaching out. You are probably running into the same issue reported here - #2858 (comment)

The SDK 1.x logic that tries to guess the region from an endpoint does not work for vpce endpoints.

Which S3 API are you calling?

@debora-ito debora-ito added response-requested Waiting on additional info or feedback. Will move to "closing-soon" in 5 days. and removed needs-triage This issue or PR still needs to be triaged. labels Dec 19, 2023
@debora-ito debora-ito self-assigned this Dec 19, 2023
@grochoge
Copy link
Author

In the case mentioned originally it's listing the bucket. But we'll also need getting/putting objects and creating signed URLs.

@github-actions github-actions bot removed the response-requested Waiting on additional info or feedback. Will move to "closing-soon" in 5 days. label Dec 20, 2023
@767604
Copy link

767604 commented Dec 29, 2023

we will forewed to senior

@debora-ito debora-ito added the p3 This is a minor priority issue label Feb 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@debora-ito debora-ito

Labels
bug This issue is a bug. p3 This is a minor priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@debora-ito @grochoge @767604