AWS presigned URL SignatureDoesNotMatch

Hi!

We are trying to use presigned URLs with AWS. For some reason EG21-G adds port number to StringToSign URL:

Host: iot-platform-ota-job-bucket.s3.eu-west-1.amazonaws.com**:443**

This results 403 signature mismatch error on AWS server.

Presigned URLs should not be manipulated at any level. Can this automatic port adding be avoided by some settings in modem?

@herbert.pan-Q thank you for helping me last time, could you happen to know about this more?

Can you provide a complete AT log

Of cource I am glad try. How do I initiate and download the complete log from modem? Or do you mean just to list all AT-commands I have used in order they are used?

Yes, you execute AT commands and output results

1 Like

Common part for both success and failure cases:

AT
OK
ATE1
OK
AT+QSSLCFG=“sslversion”,1,4
OK
AT+QSSLCFG=“ciphersuite”,1,0XFFFF
OK
AT+QSSLCFG=“seclevel”,1,0
OK
AT+QSSLCFG=“sni”,1,1
OK
AT+QHTTPCFG=“contextid”,1
OK
AT+QHTTPCFG=“requestheader”,0
OK
AT+QHTTPCFG=“responseheader”,0
OK
AT+QHTTPCFG=“sslctxid”,1
OK
AT+QHTTPCFG=“contenttype”,3
OK
AT+QHTTPCFG=“rspout/auto”,0
OK
AT+QHTTPCFG=“closed/ind”,0
OK

Success case:

AT+QHTTPURL=82
CONNECT

{direct S3 URL}
OK
AT+QHTTPGET
OK

+QHTTPGET: 0,200,368128
AT+QHTTPREADFILE=“RAM:testfile”
OK

Failure case:

AT+QHTTPURL=1693
CONNECT

{presigned S3 URL}
OK
AT+QHTTPGET
OK

+QHTTPGET: 0,403
AT+QHTTPREADFILE=“RAM:testfile”
OK

This problem prevents us to use presigned URLs with AWS and is blocking our R&D work.

Hi @aapee
Can I ask if you would use such a long url in normal use?

Presigned url is a requirement. We cannot use encrypted S3 bucket to store OTA file without using presigned url.

Hi @lyman-Q

We are working on this project with @aapee

Is there any solution for this issue, for example a new firmware version?

Kind Regards,
Jouni