[Cyberduck-trac] [Cyberduck] #11735: Unable to use S3 interface endpoints

Cyberduck trac at cyberduck.io
Sun Jul 18 21:13:33 UTC 2021 

#11735: Unable to use S3 interface endpoints
------------------------+-------------------
    Reporter:  malaval  |      Owner:
        Type:  defect   |     Status:  new
    Priority:  normal   |  Milestone:
   Component:  s3       |    Version:  7.9.2
    Severity:  normal   |   Keywords:
Architecture:           |   Platform:
------------------------+-------------------
 S3 interface endpoints enable to connect to Amazon S3 using a private IP
 address: https://docs.aws.amazon.com/AmazonS3/latest/userguide
 /privatelink-interface-endpoints.html

 I am unable to connect to Amazon S3 using the interface endpoint URL (e.g.
 vpce-0971cacd1f2xxxxxxxxx.s3.eu-west-1.vpce.amazonaws.com) as the server
 hostname. Cyberduck continously tries to authenticate (I see thousands of
 packets in Wireshark) and fails a few minutes later. The issue comes from
 how Cyberduck generates the SigV4 signature, because it considers that
 "vpce" is the region (e.g. HTTP header Authorization is "AWS4-HMAC-SHA256
 Credential=AKIASFI36Y5VXXXXXXX/20210702/vpce/s3/aws4_request" which
 fails).

 I think that two things should be corrected in Cyberduck:
 - Fetch the region differently from the server endpoint URL
 - Consider S3 interface endpoint URL as "special URL" and use this URL
 only (don't use dualstack or North Virginia as the default region to list
 existing S3 buckets)

 As a workaround, I was able to connect to a S3 interface endpoint by:
 - Resolving s3.eu-west-1.amazonaws.com to one of the private IP addresses
 of the interface endpoint (added an entry in the hosts file)
 - Applying the default parameters:
 s3.bucket.virtualhost.disable=true
 s3.endpoint.dualstack.enable=false
 s3.endpoint.format.ipv4=s3.eu-west-1.amazonaws.com

 However, it would be great if Cyberduck could natively support S3
 interface endpoints, without all these tricks.

--
Ticket URL: <https://trac.cyberduck.io/ticket/11735>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list