Spaces CDN returns SignatureDoesNotMatch

November 27, 2018 863 views
CDN

Hi! I'm successfully using DO Spaces with an Elixir libarary to build presigned urls:

signed_url =
  AWSAuth.sign_url(
    @access_key,
    @secret_key,
    "get",
    "https://mybucket.ams3.digitaloceanspaces.com/mybucket/0342cfce-f037-49c6-976f-97b2b8ec6f19.pdf",
    "ams3",
    "s3"
  )

This works fine, but I want to use the CDN to speed up the requests. I tried to add .cdn to the URL:

signed_url =
  AWSAuth.sign_url(
    # ...
    "https://mybucket.ams3.cdn.digitaloceanspaces.com/mybucket/0342cfce-f037-49c6-976f-97b2b8ec6f19.pdf",
    # ...
  )

However, this doesn't work – I always get the following error:

<Error>
  <Code>SignatureDoesNotMatch</Code>
  <RequestId>tx000000000000049363e85-005bfd730a-b8ca18-ams3a</RequestId>
  <HostId>b8ca18-ams3a-ams3</HostId>
</Error>

I also tried signing the URL without .cdn and just accessing it with .cdn, but got the same error. What am I doing wrong?

1 comment
  • I have the same question. I am using Laravel which uses the Flysystem library. Pre-signed requests (using Storage::disk('s3')->temporaryUrl('file.jpg', now()->addMinutes(10)) works fine with the origin server, but as soon as I add the .cdn to the URL it behaves exactly the same. I would like to be able to use the CDN, but have turned it off for now :(.

4 Answers

I am interested in the same thing. Is it possible to use the CDN with pre-signed requests?

I'm also having issues with this.

I can setup the S3 client and get a presigned URL like so: (C#)

            var clientConfig = new AmazonS3Config()
            {
                ServiceURL = S3_HOST
            };

            var client = new AmazonS3Client(S3_KEY, S3_SECRET, clientConfig);

            var objects = client.ListObjectsAsync(S3_BUCKET).Result;

            var presigned = client.GetPreSignedURL(new GetPreSignedUrlRequest()
            {
                BucketName = S3_BUCKET,
                Key = objects.S3Objects.First().Key,
                Expires = DateTime.Now.AddHours(1)
            });

However it does not "CDNify" the presigned URL, and adding CDN to it results in it being invalid.

Is there a way to generate CDN Presigned URLs? Without this feature, the Digital Ocean spaces and CDN kind of go out the window for our use case :(

Hi, I'm also having issues with this. I'm using Symfony with Flysystem. I have this configuration:

chd.s3_client:
        class: Aws\S3\S3Client
        arguments:
            -
                endpoint: 'https://ams3.cdn.digitaloceanspaces.com'
                version: 'latest'
                region: 'ams'
                credentials:
                    key: "my_key"
                    secret: "my_secret"

But i always get the same SignatureDoesNotMatch error. If i remove cdn from endpoint it works, but without this, i agree with Coreinsanity, Digital Ocean spaces won't be useful

Have another answer? Share your knowledge.