We have a S3 Bucket where we have stored images and we want to show these image on our Angular component by using image URL. But when we hit the URL , we are getting this error
Error:
Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
How can we load these images on our Angular component using URLs ??
Note: We are hosting this application on Elastic Beanstalk using .Net core project.
Here is the bucket policy:
{
"Version": "2012-10-17",
"Id": "BUCKETPOLICY",
"Statement": [
{
"Sid": "DenyInsecureAccess",
"Effect": "Deny",
"Principal": "*",
"Action": "*",
"Resource": [
"arn:aws:s3:::dev-productimages",
"arn:aws:s3:::dev-productimages/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
Here is Encryption configuration:
CodePudding user response:
You're denying insecure access, but where are you granting access?
Without explicitly granting public access, your objects are accessible only to authenticated users from the owner account. I would rewrite as follows:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAnonymousAccess",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::dev-productimages/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
}
}
]
}
Very important: note that I changed the action to s3:GetObject
.
CodePudding user response:
When you upload the file, you need to set the acl to public read access
https://docs.aws.amazon.com/sdkfornet1/latest/apidocs/html/T_Amazon_S3_Model_S3CannedACL.htm
Example:
var transferUtilityRequest = new TransferUtilityUploadRequest()
{
InputStream = file.OpenReadStream(),
Key = trustedStorageName,
BucketName = bucketName,
CannedACL = S3CannedACL.PublicRead, // Ensure the file is read-only to allow users view their pictures
PartSize = 6291456
};