Archived Forum Post

Index of archived forum posts

Question:

S3 Bucket Creation With Access Policy

Feb 20 '17 at 23:35

It doesn't look like there is a way to use S3_CreateBucket with an access policy.
I need to create buckets and upload files that are publicly accessible.

Did I miss something or is the plugin missing this important function?


Accepted Answer

Examples to get/put bucket policies were added here: https://www.example-code.com/csharp/amazonS3.asp


Answer

Oh cool, thanks! It would be helpful to have that reference closer to the CreateBucket information.


Answer

The example is not working, however. It's failing to generate the Authorization header properly I guess.
(using the Xojo plugin)

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>AKIAJND3S5Q2POZNPDCQ</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20170216T180821Z
20170216/us-east-1/s3/aws4_request
c150f0ee759457d06ed191f0e21266dc25260007557b7fe08e46eca0a277778e</StringToSign><SignatureProvided>60aa44c416150ccf58a916d173c694afdf65793bc11f82e716c20060603726ac</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 37 30 32 31 36 54 31 38 30 38 32 31 5a 0a 32 30 31 37 30 32 31 36 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 63 31 35 30 66 30 65 65 37 35 39 34 35 37 64 30 36 65 64 31 39 31 66 30 65 32 31 32 36 36 64 63 32 35 32 36 30 30 30 37 35 35 37 62 37 66 65 30 38 65 34 36 65 63 61 30 61 32 37 37 37 37 38 65</StringToSignBytes><CanonicalRequest>PUT
/
policy=
host:testbucket2341asewerou.s3.amazonaws.com
x-amz-content-sha256:907c613bd76320a28a0baa15a3b755ccbcccb0a942ac0329a4ad72ae8980f6b6
x-amz-date:20170216T180821Z

host;x-amz-content-sha256;x-amz-date
907c613bd76320a28a0baa15a3b755ccbcccb0a942ac0329a4ad72ae8980f6b6</CanonicalRequest><CanonicalRequestBytes>50 55 54 0a 2f 0a 70 6f 6c 69 63 79 3d 0a 68 6f 73 74 3a 74 65 73 74 62 75 63 6b 65 74 32 33 34 31 61 73 65 77 65 72 6f 75 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 39 30 37 63 36 31 33 62 64 37 36 33 32 30 61 32 38 61 30 62 61 61 31 35 61 33 62 37 35 35 63 63 62 63 63 63 62 30 61 39 34 32 61 63 30 33 32 39 61 34 61 64 37 32 61 65 38 39 38 30 66 36 62 36 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 37 30 32 31 36 54 31 38 30 38 32 31 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 39 30 37 63 36 31 33 62 64 37 36 33 32 30 61 32 38 61 30 62 61 61 31 35 61 33 62 37 35 35 63 63 62 63 63 63 62 30 61 39 34 32 61 63 30 33 32 39 61 34 61 64 37 32 61 65 38 39 38 30 66 36 62 36</CanonicalRequestBytes><RequestId>74EE9318DCC8D9C3</RequestId><HostId>iZua5yTZVNcYAi8MRjxE58wG+vZ0MhUSBy+eEAIzfhfAQ3vdsePdtOqbGp//zofAyyim57AezG8=</HostId></Error>

Answer

Try the pre-release download at http://chilkatdownload.com/prerelease/chilkat.xojo_plugin

If that doesn't help, I'll re-build and re-update the pre-release, but that takes some time.. I recall having trouble with this and fixing something, but I can't remember what or when.


Answer

Still getting 403 Forbidden SignatureDoesNotMatch with the pre-release version.


Answer

The new build will take time -- tomorrow at the earliest. But it may not require a new build.

Look at the example carefully with regards to the region. There are a few places where the region is used or not used, and all must be exactly correct:

1) bool success = rest.Connect("s3-us-west-2.amazonaws.com",port,bTls,bAutoReconnect);

2) authAws.Region = "us-west-2";

3) rest.Host = "chilkat.ocean.s3.amazonaws.com";


Answer

I am using us-east-1 and my own bucket (which I've verified is in US Standard / us-east-1)
I am not getting any connection errors, or errors reported by the plugin, it makes it all the way to the end and the HTTP response is 403 Forbidden, and the content is as I've pasted.

Additionally, do you have any insight as to whether all buckets are created there by default, or if it's an account setting, and how to determine where the bucket is located before I try to set the policy after it's creation?

Test project: https://dl.dropboxusercontent.com/u/10504478/s3testing.xojo_binary_project


Answer

This is something we need badly. This is actually one of the reasons we purchased the plugin. We need to be able to set policies on buckets, and files, we create and upload.


Answer

The Chilkat Forum is the place where users can help other users. It's not the official support channel.

Chilkat prioritizes support based on whether or not support has expired. Priority is given to those with non-expired support.

If a license based on your email address or company domain cannot be found, then this needs to be resolve first. In this case, I'm not able to find a license matching your email addresses or domains. You may send email to support@chilkatsoft.com with your licensing information. (Maybe the purchase was under a different email address, such as a GMail.com address?)

I did test the example, and it worked for me. At this point, I don't know where the problem lies. It could very well be user-error.

In any case, sometimes there are limitations on how quickly a pre-release can be provided. For example, at the moment work is underway relating to TLS and SSH w.r.t. performance and adding chacha20_poly1305. It would be of no benefit to provide a pre-release that has different problems. Chilkat does the best possible, prioritizing based on what is most fair, under the conditions that exist at the time.


Answer

I understand your support policy, it makes sense.

However, I have to ask if you tried the Xojo project demo that I've uploaded.
It creates a new bucket and then fails to get permission to write a policy.