1
votes

I have an Amazon S3 bucket named mysub.domain.com and am trying to put or get data from it through Cloudflare's CDN (the app is based on Laravel 5.1 with CodeSleeve/laravel-stapler, which depends on aws/aws-sdk-php).

My Amazon S3 bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mysub.domain.com/*"
        }
    ]
}

And CORS Configuration:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

My Stapler config for s3:

's3_client_config' => [
    ...
    'endpoint'      => 'https://mysub.domain.com',
    ...
],
's3_object_config' => [
    'Bucket'        => 'mysub.domain.com',
    ...
],

I've created a CNAME for my subdomain to Amazon's S3 bucket on Cloudflare, as mentioned in the documentation:

mysub.domain.com CNAME mysub.domain.com.s3.amazonaws.com

It works without the endpoint, but does not go through the CDN, because it uses URLs like s3.amazonaws.com/mysub.domain.com (path-style). But when I added the endpoint, it uses https://mysub.domain.com/mysub.domain.com (endpoint and bucket name). It must anyway add objects in the bucket's path /mysub.domain.com/path/to/file.jpg, but it gives me an error:

Aws\S3\Exception\SignatureDoesNotMatchException: AWS Error Code: SignatureDoesNotMatch, Status Code: 403, AWS Request ID: ABDC27DF1F472901, AWS Error Type: client, AWS Error Message: The request signature we calculated does not match the signature you provided. Check your key and signing method.

But as I said, it works without the endpoint.

Is there any way to avoid this error and the duplication of the bucket name in the URL (maybe there's a way to switch it to a domain-styled URL)? Thank you in advance.

1
I've already checked that objects are available on https://mysub.domain.com.s3.amazonaws.com/path/to/file.jpg, https://s3.amazonaws.com/mysub.domain.com/path/to/file.jpg and https://mysub.domain.com/path/to/file.jpg when putting them without the endpoint option. – Jack Bond
Note that if you really intend for the objects to be publicly readable from the bucket (as your bucket policy currently allows), then there is no need for signed URLs at all. – Michael - sqlbot
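
SignatureDoesNotMatch means S3 recomputed the signature from the request as it received it and got a different value than the client sent. The following is an added example, not part of the original thread and not aws-sdk-php's code: it computes Signature Version 4 signatures for the three URL forms named in the question and shows that the signature is bound to both the Host header and the path. It assumes SigV4 signing, region us-east-1, an unsigned empty body, and a constructed secret key and timestamp.

```python
import hashlib
import hmac

# Constructed values: made-up secret key, fixed timestamp, assumed region.
SECRET_KEY = "constructed-secret-key-for-demo"
REGION, SERVICE = "us-east-1", "s3"
AMZ_DATE = "20150830T123600Z"
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def canonical_request(method, host, path):
    """Canonical request for a body-less call; path is assumed already URI-encoded."""
    headers = (f"host:{host}\n"
               f"x-amz-content-sha256:{EMPTY_SHA256}\n"
               f"x-amz-date:{AMZ_DATE}\n")
    signed = "host;x-amz-content-sha256;x-amz-date"
    # The empty third element is the (empty) canonical query string.
    return "\n".join([method, path, "", headers, signed, EMPTY_SHA256])


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_signature(method, host, path):
    """Hex SigV4 signature; it changes whenever host or path changes."""
    date = AMZ_DATE[:8]
    scope = f"{date}/{REGION}/{SERVICE}/aws4_request"
    digest = hashlib.sha256(canonical_request(method, host, path).encode()).hexdigest()
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", AMZ_DATE, scope, digest])
    key = _hmac(("AWS4" + SECRET_KEY).encode(), date)
    for part in (REGION, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    return _hmac(key, string_to_sign).hex()


def compare_address_forms(bucket="mysub.domain.com", key_path="/path/to/file.jpg"):
    """Signatures for the three URL forms named in the question."""
    forms = {
        "path-style": ("s3.amazonaws.com", f"/{bucket}{key_path}"),
        "cname": (bucket, key_path),
        "endpoint+bucket": (bucket, f"/{bucket}{key_path}"),
    }
    return {n: sigv4_signature("GET", h, p) for n, (h, p) in forms.items()}


if __name__ == "__main__":
    for name, sig in compare_address_forms().items():
        print(f"{name:16} {sig}")
```

All three signatures differ, so a request signed for one host and path cannot be verified as another; anything between the client and S3 that changes the host, the path, or a signed header has the same effect.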

1 Answer

0
votes

It's hard to say for sure with the details provided, but it may be that you have a bucket CNAME set up incorrectly. You may want to look at this Help Center article.

If that doesn't work you should send an email to support[at]cloudflare[dot]com so they can dig deeper.