Using CNAME with pre-signed url [aws-java-sdk-s3]

[evredinka]

Hi!

I'm trying to find a way how I can use cname when creating presigned url with java sdk. I am using version 1.11.18.

So far I have:

AWSCredentials credentials = new BasicAWSCredentials(ACCESS_KEY, SECRET_KEY);
AmazonS3 s3Client = new AmazonS3Client(credentials);
s3Client.setRegion(Region.EU_Frankfurt.toAWSRegion());
GeneratePresignedUrlRequest urlRequest = new GeneratePresignedUrlRequest("my.bucket.com", "test.xml", HttpMethod.GET);
URL url = s3Client.generatePresignedUrl(urlRequest);

The code above generates url like:
https://my.bucket.com.s3.eu-central-1.amazonaws.com/test.xml?{query...}

I have configured CNAME my.bucket.com that is resolved to my.bucket.com.s3.eu-central-1.amazonaws.com

The configuration is correct as I am able to access file with http://my.bucket.com/test.xml
Anyway I can't generate pre-signed url that can be accessible using
https://my.bucket.com/test.xml?{query...}

I've tried to set endpoint like this:

s3Client.setRegion(Region.EU_Frankfurt.toAWSRegion());
s3Client.setEndpoint("my.bucket.com");

but with no success, as returned url now looks like
https://my.bucket.com.my.bucket.com/test.xml?{query...}us-east-1
The bucket name is duplicated and the region in query params is different

And this:

s3Client.setEndpoint("my.bucket.com");
s3Client.setRegion(Region.EU_Frankfurt.toAWSRegion());

I got url like:
https://my.bucket.com.s3.eu-central-1.amazonaws.com/test.xml?{query...}eu-central-1
In case I use this url with cname like https://my.bucket.com/test.xml?{query...}eu-central-1 I receive The request signature we calculated does not match the signature you provided

I wonder if there is a possible way to use CNAME with presigned url.

Thanks.

[varunnvs92]

Try to following configuration for s3 client:

AmazonS3Client s3Client = new AmazonS3Client(credentials);
s3Client.setEndpoint(endpoint);
s3Client.setSignerRegionOverride("eu-central-1");

You can try asking this question in stack overflow or AWS forums where other developers might have already solved a similar problem.

[evredinka]

@varunnvs92 thanks for the response!

I've tried what you'd suggested:

AmazonS3Client s3Client = new AmazonS3Client(credentials);
s3Client.setEndpoint("my.bucket.com");
s3Client.setSignerRegionOverride("eu-central-1");

GeneratePresignedUrlRequest urlRequest = new GeneratePresignedUrlRequest("", "test1.txt", HttpMethod.GET);

s3Client.generatePresignedUrl(urlRequest);

Please note that I omit bucket name during pre-signed url generation.

The generated url now looks like:
https://my.bucket.com/test1.txt?{query...}eu-central-1

The my.bucket.com is now resolved correctly and I am able to access the file. Great!

Thanks a lot!

Will close the issue.

[igracia]

@evredinka don't you get a NET::ERR_CERT_COMMON_NAME_INVALID when trying to access your file?