AWS S3 in rails - how to set the s3_signature_vers

2020-08-26 11:09发布

问题:

I'm trying to set up the Amazon Simple Storage Service for use with rails. I'm getting this error message:

The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.

The problem is that I chose the Frankfurt S3 region, and there only the V4 scheme is supported. It's the same error message as in this post, which directs you to the solution here, with instructions how to "set the :s3_signature_version parameter to :v4 when constructing the client". The command is:

s3 = AWS::S3::Client.new(:s3_signature_version => :v4)

My question is, how do I do this? Where do I put this code?

EDIT:

I tried putting :s3_signature_version => :v4 in carrier_wave.rb as follows, but during the upload to heroku it said [fog][WARNING] Unrecognized arguments: s3_signature_version, and it didn't make any difference, I still get the error.

config/initializers/carrier_wave.rb:

    if Rails.env.production?
      CarrierWave.configure do |config|
        config.fog_credentials = {
          # Configuration for Amazon S3
          :provider              => 'AWS',
          :aws_access_key_id     => ENV['S3_ACCESS_KEY'],
          :aws_secret_access_key => ENV['S3_SECRET_KEY'],
          :s3_signature_version  => :v4
        }
        config.fog_directory     =  ENV['S3_BUCKET']
      end
    end

EDIT:

I've created a new bucket using the Northern California region, for which this isn't supposed to be a problem, but I'm still getting exactly the same error message.

EDIT:

This doesn't make any difference either:

    if Rails.env.production?
      CarrierWave.configure do |config|
        config.fog_credentials = {
          # Configuration for Amazon S3
          :provider              => 'AWS',
          :aws_access_key_id     => ENV['S3_ACCESS_KEY'],
          :aws_secret_access_key => ENV['S3_SECRET_KEY']
        }
        config.fog_directory     =  ENV['S3_BUCKET']
        config.fog_attributes = {:s3_signature_version => :v4}
      end
    end

回答1:

I had the problem, that Spree v2.3 was fixated to aws-sdk v1.27.0. But the parameter s3_signature_version was introduced in v1.31.0 (and set per default for China).

So in my case the following configuration for Frankfurt has totally been ignored:

AWS.config(
    region: 'eu-central-1',
    s3_signature_version: :v4
)


回答2:

I found this old question from the other direction, trying to take the advice in https://github.com/fog/fog/issues/3450 and set signature to version 2 (to test a hypothesis). Delving into the source a bit, it turns out the magic phrase is :aws_signature_version => 4, so like this:

    config.fog_credentials = {
      # Configuration for Amazon S3
      :provider              => 'AWS',
      :aws_access_key_id     => ENV['S3_ACCESS_KEY'],
      :aws_secret_access_key => ENV['S3_SECRET_KEY'],
      :aws_signature_version => 4
    }


回答3:

I had this same problem and could not find any guidance on where to implement the s3_signature_version: :v4 command.

In the end, I basically deleted the existing bucket in Frankfurt and created on in the Standard US zone and it works (after updating the permissions policy attached to the user accessing the bucket to reflect that the bucket has changed).

I would love to have the bucket in Frankfurt but I don't have another 16 hours to spend going round in circles with this issue so if anybody is able to add a bit more direction on how to incorporate the s3_signature_version: :v4 line, that would be great.



回答4:

For other users following Michael Hartl's Rails Tutorial: you (might*) need at least v 1.26 of the 'fog' gem. Modify your Gemfile accordingly, and don't forget to '$ bundle install'.

*the reason is that some S3 buckets require authorization signature version 4. In the future probably all of them will, and at least Frankfurt (zone eu-central-1) requires v4 authorization. This has been supported since fog v1.26: https://github.com/fog/fog/blob/v1.26.0/lib/fog/aws/storage.rb