minio-dart

AccessKey error

Open froggygeek opened this issue 5 years ago • 2 comments

We tested minio with temporary credentials and we are getting the following errors:

Reloaded 2 of 1005 libraries in 1,117ms.
I/flutter (25842): REQUEST: GET https://s3.amazonaws.com/
I/flutter (25842): host: s3.amazonaws.com
I/flutter (25842): user-agent: MinIO (Unknown; Unknown) minio-dart/0.1.5
I/flutter (25842): x-amz-date: 20200612T010115Z
I/flutter (25842): x-amz-content-sha256: UNSIGNED-PAYLOAD
I/flutter (25842): authorization: AWS4-HMAC-SHA256 Credential=ASIASVFFWV5MSGEXH4JG/20200612/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=329c067014099da6a7dcb51b23480cdca49d18b4733137e78df55a3ebada33dd
I/flutter (25842):
I/flutter (25842): file path:File: '/storage/emulated/0/DCIM/Camera/VID_20200611_172040.mp4'
I/flutter (25842): RESPONSE: 403 Forbidden
I/flutter (25842): content-type: application/xml
I/flutter (25842): x-amz-request-id: DD0CE16CD6BF51B9
I/flutter (25842): date: Fri, 12 Jun 2020 01:01:13 GMT
I/flutter (25842): transfer-encoding: chunked
I/flutter (25842): x-amz-id-2: 98BL1oHAXwPJVI1vVSRsXCBJ/Lqru7BaaPk2tlvRn0g/NglEvhGhUwldhEjMmKoRLdDQlB85BFw=
I/flutter (25842): server: AmazonS3
I/flutter (25842):
I/flutter (25842): <Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>ASIASVFFWV5MSGEXH4JG</AWSAccessKeyId><RequestId>DD0CE16CD6BF51B9</RequestId><HostId>98BL1oHAXwPJVI1vVSRsXCBJ/Lqru7BaaPk2tlvRn0g/NglEvhGhUwldhEjMmKoRLdDQlB85BFw=</HostId></Error>

Now if I use the same key on the CLI, it works with the following credentials profile (do not worry, they are temporary and have already expired):

[fiteo-upload]
aws_access_key_id = ASIASVFFWV5MSGEXH4JG
aws_secret_access_key = qAT5hn4vbypoROhTG31bRKn9+9SiaNYaaEUXfOr/
aws_session_token = FwoGZXIvYXdzEOr//////////wEaDEvL5iTJOrRKjkoO5iKeAlvBDm1P+jbKv//FXBE0nNQhqAeVZO1TjvkBGcYrhpXzw4KR1mKfJgFqlgR0BdbOgH832s/sAaG5pmhW889DrujWFWZL6KRWb3oUsOldbqpstT1HNjy0pBS2RFGaquXcR9JdeSUa8HFPJ4Cfsu9oM7RYFriGv18cg/Bbvacq9p7lAmGCTCBX66/osecQxuK8SmPbtObRw5df55HvyLvoKM+G2OYTXB1o1w2QxzoD/nxRrRExJmKFQRWnX2BNugnWl2zzUlJxAMELl0PFJzTxlE7Wgl0lwKCXFEnb795Rp+IatSWkxnBgtKmwEj3Bp8dh824CD1MT5RWu4byzIUUbgopLkZujoWcbucjJSK2HH3j2JHCghb4JyJLIHfqBXVUoiZ2L9wUyLfzzRL0fmY5v0C95MbLgOFgnMdE9CcOmzqwTtAzKRoA6jWwaDonXljIKWtT45w==
region = us-east-1


admins-mbp:.aws pdavidoff$ aws s3 ls s3://coacheo-test --profile fiteo-upload
                           PRE 12345/

froggygeek avatar Jun 12 '20 01:06 froggygeek

Having the same issue here. I'm manually making a request to the AWS-provided AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable and then getting IAM credentials in our web application.

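// Fetch the temporary credentials from the container credentials endpoint.
var _awsCreds = (await dio.get('http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI')).data;
Minio(
  // ...
  // Only the key pair is passed here; no session token is supplied.
  accessKey: _awsCreds['AccessKeyId'],
  secretKey: _awsCreds['SecretAccessKey']);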

This appears to be an issue with signing the AWS API request with an additional token (aka the session_token from OP).

Docs here explain how to use the security token in the header to sign the API request: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html#RequestWithSTS

Edit* - I only now saw the sessionToken initializer. I imagine that's all I am missing.

Clean-Cole avatar Sep 22 '21 02:09 Clean-Cole
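The request trace in the original post signs only `host;x-amz-content-sha256;x-amz-date` and carries no `x-amz-security-token` header, although an `ASIA...` access key belongs to temporary credentials. The sketch below is an added example (not code from this thread or from minio-dart) of header-based SigV4 signing for the same `GET /` request, with and without a session token. The function name `sign_s3_get` and all credential values are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_s3_get(access_key: str, secret_key: str, amz_date: str,
                session_token: Optional[str] = None,
                host: str = "s3.amazonaws.com", region: str = "us-east-1") -> dict:
    """Headers for a SigV4-signed `GET /` with an unsigned payload (hypothetical helper)."""
    headers = {"host": host, "x-amz-content-sha256": "UNSIGNED-PAYLOAD",
               "x-amz-date": amz_date}
    # Temporary credentials are valid only together with their session token:
    # it is sent as a header and, here, covered by the signature as well.
    if session_token:
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    signed_headers = ";".join(names)
    canonical_headers = "".join(f"{n}:{headers[n].strip()}\n" for n in names)
    # method, path, empty query string, headers, signed-header list, payload hash
    canonical_request = "\n".join(
        ["GET", "/", "", canonical_headers, signed_headers, "UNSIGNED-PAYLOAD"])
    day = amz_date[:8]
    scope = f"{day}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Derive the signing key: secret -> date -> region -> service -> terminator.
    key = ("AWS4" + secret_key).encode()
    for part in (day, region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers

# Constructed sample values, not real credentials.
ACCESS, SECRET, TOKEN = "ASIAEXAMPLEKEY000000", "constructed-secret", "constructed-token"
without_token = sign_s3_get(ACCESS, SECRET, "20200612T010115Z")
with_token = sign_s3_get(ACCESS, SECRET, "20200612T010115Z", session_token=TOKEN)

if __name__ == "__main__":
    print(without_token["authorization"])
    print(with_token["authorization"])
```

The first header set has the same shape as the failing request in the trace; the second adds the token header and lists it in `SignedHeaders`, which changes the signature.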

I have the same question, how to solve?

Wqleonard avatar Jan 07 '23 11:01 Wqleonard