amazon s3: add support for AWS4-HMAC-SHA25 (protocol v4)

leray shared this idea 2 years ago
Open Discussion

new amazon s3 locations support only authentication protocol v4 . Cpanel does not support it and throws an error :

Could not upload test file: InvalidRequest: The authorization mechanism

you have provided is not supported. Please use AWS4-HMAC-SHA25

Please add support for this protocol

http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html

Best Answer
photo

I just checked in, and this has been added to a team's list of goals for version 68, which has just started development. 68 will likely hit CURRENT in early October. As soon as I have any other updates I'll be back!

Comments (12)

photo
3

Guys, this is something that would need to be looked at ASAP. AWS charges for inter-region transfer, so every GB that is transferred to a different region is charged when your server inside AWS. We just realized this big issue in the middle of our migration to AWS. When the server is outside the AWS network, there is no charge for inbound to S3 but now that we are on AWS unless the bucket is in the same region, we will be charged and for the huge amounts of backup data transfer, this is going to cost more than the severs!

Please, please get a fix out this ASAP. You have left us dead in the water. This feature was requested 1 year ago by others and its quite unfortunate to see something this important is not ready yet.

photo
3

Backup to Amazon S3 is performed via the 3rd-party perl module Amazon::S3. Version 0.45 of Amazon::S3 does not support signature version V4 (AWS4-HMAC-SHA25). It only works with Amazon S3 buckets created in the region of US East (N. Virginia).

photo
1

According to http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region, there are 8 Regions that support v2 and v4:

  • US East (Virginia Only)
  • US West (Oregon)
  • US West ( N. California)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • EU (Ireland Only)
  • South America (São Paulo)

photo
photo
3

Thank you for that info David. Since the perl module has not been updated since 2009, it doesn't look like this is ever going to happen from that end. cPanel, could you please use another module, preferably using the AWS CLI commands function to make this happen? This is already fully functional on panels like webmin. Please do something about this!

photo
1

Are you kidding?

ANyone got any advise on creating a UK freindly bucket?

photo
1

A quick update from cPanel Dev: one of our teams will be picking this up in the next few weeks to begin investigation. We will hopefully have a better idea of how much development time this will require, and will be able to make intelligent decisions based on that. I'll be back with more information as soon as I have it!

photo
1

Thank you benny. My only request is, please use the AWS CLI functionality instead of using 3rd party modules/tools to do this. Almost every other control panel makes the full use of the AWS CLI that's installed on the host system to perform these backup move functions.

photo
1

I'll ask to have that be part of their investigation as well, sure! Thanks for bringing it up.

photo
photo
1

Any news on this yet? We have software developed in the UK, which needs to be hosted in the UK to meet certain requirements. So I was very happy when AWS added a London region, however I can't use it because of this!

photo
2

We're still investigating, and trying to get it into version 66, but I'm not positive it's going to land there yet. I'll update you as soon as I know for sure!

photo
photo
1

This needs to be prioritized higher. It's already been 2 years.

photo
1

I just checked in, and this has been added to a team's list of goals for version 68, which has just started development. 68 will likely hit CURRENT in early October. As soon as I have any other updates I'll be back!