I get an error AWS::S3::Errors::InvalidRequest The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256. when I try upload file to S3 bucket in new Frankfurt region. All works properly with US Standard region.

Script:

backup_file = \'/media/db-backup_for_dev/2014-10-23_02-00-07/slave_dump.sql.gz\'
s3 = AWS::S3.new(
    access_key_id:     AMAZONS3[\'access_key_id\'],
    secret_access_key: AMAZONS3[\'secret_access_key\']
)

s3_bucket = s3.buckets[\'test-frankfurt\']

# Folder and file name
s3_name = \"database-backups-last20days/#{File.basename(File.dirname(backup_file))}_#{File.basename(backup_file)}\"

file_obj = s3_bucket.objects[s3_name]
file_obj.write(file: backup_file)

aws-sdk (1.56.0)

How to fix it?

Thank you.

AWS4-HMAC-SHA256, also known as Signature Version 4, (\"V4\") is one of two authentication schemes supported by S3.

All regions support V4, but US-Standard¹, and many -- but not all -- other regions, also support the other, older scheme, Signature Version 2 (\"V2\").

According to http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html ... new S3 regions deployed after January, 2014 will only support V4.

Since Frankfurt was introduced late in 2014, it does not support V2, which is what this error suggests you are using.

http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html explains how to enable V4 in the various SDKs, assuming you are using an SDK that has that capability.

I would speculate that some older versions of the SDKs might not support this option, so if the above doesn\'t help, you may need a newer release of the SDK you are using.

¹US Standard is the former name for the S3 regional deployment that is based in the us-east-1 region. Since the time this answer was originally written, \"Amazon S3 renamed the US Standard Region to the US East (N. Virginia) Region to be consistent with AWS regional naming conventions.\" For all practical purposes, it\'s only a change in naming.

With node, try

var s3 = new AWS.S3( {
    endpoint: \'s3-eu-central-1.amazonaws.com\',
    signatureVersion: \'v4\',
    region: \'eu-central-1\'
} );

You should set signatureVersion: \'v4\' in config to use new sign version:

AWS.config.update({
    signatureVersion: \'v4\'
});

Works for JS sdk.

For people using boto3 (Python SDK) use the below code

from botocore.client import Config


s3 = boto3.resource(
    \'s3\',
    aws_access_key_id=\'xxxxxx\',
    aws_secret_access_key=\'xxxxxx\',
    config=Config(signature_version=\'s3v4\')
)

Similar issue with the PHP SDK, this works:

$s3Client = S3Client::factory(array(\'key\'=>YOUR_AWS_KEY, \'secret\'=>YOUR_AWS_SECRET, \'signature\' => \'v4\', \'region\'=>\'eu-central-1\'));

The important bit is the signature and the region

In Java I had to set a property

System.setProperty(SDKGlobalConfiguration.ENFORCE_S3_SIGV4_SYSTEM_PROPERTY, \"true\")

and add the region to the s3Client instance.

s3Client.setRegion(Region.getRegion(Regions.EU_CENTRAL_1))

For thumbor-aws, that used boto config, i needed to put this to the $AWS_CONFIG_FILE

[default]
aws_access_key_id = (your ID)
aws_secret_access_key = (your secret key)
s3 =
    signature_version = s3

So anything that used boto directly without changes, this may be useful

For Android SDK, setEndpoint solves the problem, although it\'s been deprecated.

CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(
                context, \"identityPoolId\", Regions.US_EAST_1);
AmazonS3 s3 = new AmazonS3Client(credentialsProvider);
s3.setEndpoint(\"s3.us-east-2.amazonaws.com\");

With boto3, this is the code :

s3_client = boto3.resource(\'s3\', region_name=\'eu-central-1\')

and

s3_client = boto3.client(\'s3\', region_name=\'eu-central-1\')

I had been using Django, and I had to add these extra config variables to make this work. (in addition to settings mentioned in https://simpleisbetterthancomplex.com/tutorial/2017/08/01/how-to-setup-amazon-s3-in-a-django-project.html).

AWS_S3_REGION_NAME = \"ap-south-1\"

AWS_S3_SIGNATURE_VERSION = \"s3v4\"