aws-sdk-java icon indicating copy to clipboard operation
aws-sdk-java copied to clipboard

Published 20 hours ago verified publisher icon aws

Generate presigned URLs with path-style addressing when the bucket has a "." character

Open danielcompton opened this issue 6 years ago • 2 comments

Amazon is planning to deprecate path-style addressing for S3, and strongly encourages the use of virtual-host based addressing. In Amazon S3 Path Deprecation Plan – The Rest of the Story, Jeff Barr said (emphasis mine):

Programmatic Access – If your application accesses S3 using one of the AWS SDKs, you don’t need to do anything, other than ensuring that your SDK is current. The SDKs already use virtual-hosted references to S3, except if the bucket name contains one or more “.” characters.

However, when I create a presigned URL for the bucket bucket.com, using the guide for Generating a presigned Object URL Using the AWS SDK for Java, the SDK creates the URL:

https://bucket.com.s3.ap-southeast-2.amazonaws.com/test-key?X-Amz-Algorithm=AWS4-HMAC-SHA256<...>

This URL causes certificate errors, as S3's wildcard certificate *.s3-ap-southeast-2.amazonaws.com doesn't cover the extra subdomain of bucket in bucket.com.s3.ap-southeast-2.amazonaws.com.

It would be good if the SDK detected bucket names with . characters, and generated a path-style presigned URL.

Relates to #628

danielcompton avatar Sep 24 '19 01:09 danielcompton

This is an interesting one. I know that there are customers either disabling SSL or using a custom hostname verifier for these cases. Changing to path-style could be a breaking change for them as it would change their endpoint out underneath them.

I'll have another conversation with the team on this one. We always strive not to break customers but I can understand how this is going to become only more important as S3 officially moves towards deprecation. We could probably detect the use of HTTPs and lack of a custom hostname verifier to know for sure that changing to path-style would be the correct option.

spfink avatar Sep 30 '19 22:09 spfink

As a workaround you could use code snipped mentioned here: https://github.com/aws/aws-sdk-java-v2/issues/4958#issuecomment-1964402258

ptanov avatar Feb 26 '24 15:02 ptanov

@danielcompton we don't have plans to makes this auto detection change in v1.

We are closing stale v1 issues before going into Maintenance Mode, so if this issue still persists in v2 please open a new issue in the v2 repo. As @ptanov mentioned, you can use the pathStyleAccessEnabled as a workaround.

Reference:

  • Announcing end-of-support for AWS SDK for Java v1.x effective December 31, 2025 - blog post

debora-ito avatar Jul 17 '24 00:07 debora-ito

This issue is now closed.

Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.

github-actions[bot] avatar Jul 17 '24 00:07 github-actions[bot]