[Cyberduck-trac] [Cyberduck] #11735: Unable to use S3 interface endpoints
Cyberduck
trac at cyberduck.io
Sun Jul 18 21:13:33 UTC 2021
#11735: Unable to use S3 interface endpoints
------------------------+-------------------
Reporter: malaval | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 7.9.2
Severity: normal | Keywords:
Architecture: | Platform:
------------------------+-------------------
S3 interface endpoints enable connecting to Amazon S3 using a private IP
address:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html

I am unable to connect to Amazon S3 using the interface endpoint URL (e.g.
vpce-0971cacd1f2xxxxxxxxx.s3.eu-west-1.vpce.amazonaws.com) as the server
hostname. Cyberduck continuously tries to authenticate (I see thousands of
packets in Wireshark) and fails a few minutes later. The issue comes from
how Cyberduck generates the SigV4 signature, because it considers that
"vpce" is the region (e.g. HTTP header Authorization is "AWS4-HMAC-SHA256
Credential=AKIASFI36Y5VXXXXXXX/20210702/vpce/s3/aws4_request" which
fails).

I think that two things should be corrected in Cyberduck:
- Fetch the region differently from the server endpoint URL
- Consider S3 interface endpoint URL as "special URL" and use this URL
only (don't use dualstack or North Virginia as the default region to list
existing S3 buckets)

As a workaround, I was able to connect to an S3 interface endpoint by:
- Resolving s3.eu-west-1.amazonaws.com to one of the private IP addresses
of the interface endpoint (added an entry in the hosts file)
- Applying the default parameters:
s3.bucket.virtualhost.disable=true
s3.endpoint.dualstack.enable=false
s3.endpoint.format.ipv4=s3.eu-west-1.amazonaws.com

However, it would be great if Cyberduck could natively support S3
interface endpoints, without all these tricks.
--
Ticket URL: <https://trac.cyberduck.io/ticket/11735>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
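
Added example (not part of the ticket and not Cyberduck's code): a Python sketch of the failure described above, showing how a hostname rule that takes the label left of amazonaws.com yields the "vpce" credential scope, next to a rule that checks the interface endpoint form first. The hostname, the secret, `naive_region` and `sigv4_region` are constructed for illustration; the naive rule is an assumption about the cause, not taken from Cyberduck's source.

```python
import hashlib
import hmac
import re

# Constructed hostname in the shape the ticket reports; the endpoint id is a placeholder.
VPCE_HOST = "vpce-0123456789abcdef0-example.s3.eu-west-1.vpce.amazonaws.com"

# Interface endpoint: [prefix.]vpce-<id>.s3.<region>.vpce.amazonaws.com
_VPCE = re.compile(r"(?:^|\.)s3\.([a-z0-9-]+)\.vpce\.amazonaws\.com$")
# Public regional endpoints: s3.<region>, s3-<region>, s3.dualstack.<region>
_PUBLIC = re.compile(r"(?:^|\.)s3(?:\.dualstack)?[.-]([a-z0-9-]+)\.amazonaws\.com$")


def naive_region(host):
    """Assumed faulty rule: the label directly left of amazonaws.com."""
    return host.lower().rstrip(".").split(".")[-3]


def sigv4_region(host, default="us-east-1"):
    """Region to sign with, testing the interface endpoint form first."""
    host = host.lower().rstrip(".")
    for pattern in (_VPCE, _PUBLIC):
        match = pattern.search(host)
        if match:
            return match.group(1)
    if host == "s3.amazonaws.com" or host.endswith(".s3.amazonaws.com"):
        return default  # the global endpoint carries no region label
    raise ValueError("not a recognised S3 hostname: " + host)


def credential_scope(date, region, service="s3"):
    """Scope string that appears in the Authorization header's Credential field."""
    return f"{date}/{region}/{service}/aws4_request"


def signing_key(secret, date, region, service="s3"):
    """SigV4 key derivation: the region is mixed into the HMAC chain."""
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key


if __name__ == "__main__":
    for rule in (naive_region, sigv4_region):
        region = rule(VPCE_HOST)
        key = signing_key("constructed-secret", "20210702", region)
        print(rule.__name__, credential_scope("20210702", region), key.hex()[:16])
```

Because the region is an input to the signing key, a request signed with the "vpce" scope cannot verify against a key the service derives for eu-west-1, which is consistent with the repeated authentication failures reported.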