Issues with Amazon S3 / Digitally signed URLs

Viewing 15 replies - 1 through 15 (of 31 total)
  • Plugin Author JasWSInc
    Participant

    @jaswsinc

    > I created an IAM user, s2Member, and gave them read only permissions.

    You will want to give s2Member (i.e. your site, which is running the s2Member app) a less restrictive set of permissions. For instance, s2Member (i.e. the IAM user associated with your site) needs the ability to alter permissions through digitally signed URLs that allow folks to gain access. Therefore, if s2Member only has read access this might create a problem.

    ed_monger-rue
    Member

    @ed_monger-rue

    Hi Jason,

    Thank you for the reply. Alas, no joy.

    I went so far as to create a new user, s2Member_S3, and placed that user only in the Admin group. Changed the keys stored within s2M config.

    Is there a way to validate this within the plugin WUI?

    EMR

    Plugin Contributor Cristián Lávaque
    Member

    @anguz

    Try resetting the s2Member integration as described in this article: http://www.s2member.com/kb/reset-the-amazon-s3-cloudfront-integration/

    And then configure the integration again.

    Let me know if that helps. 🙂

    Plugin Author JasWSInc
    Participant

    @jaswsinc

    > Is there a way to validate this within the plugin WUI?

    If the key/secret are invalid when you attempt to download a file protected by s2Member (i.e., ?s2member_file_download=example.zip), you should get an error message from the AWS side of things; e.g., invalid access key or similar.

    You reported that there was a white screen, no error, no nothing? If that’s the case you might want to run our server scanner to be sure there’s not something missing from your current hosting environment that s2Member depends on. Please see: https://www.s2member.com/kb/server-scanner/

    ed_monger-rue
    Member

    @ed_monger-rue

    @jaswsinc: All green checkboxes. Mail checked out too.
    @anguz: I didn’t reset as per the instructions but I did create a new CloudFront key pair that caused the old one to be replaced.

    Now, I’m getting the following message:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    <Error>
    <Code>AccessDenied</Code>
    <Message>Access denied</Message>
    </Error>

    The URL is now being written to point to cloudfront.net

    Let me know if you’d still recommend that I reset the Amazon S3 / CloudFront config.

    ed_monger-rue
    Member

    @ed_monger-rue

    To confirm, the IAM user for s2Member is a member of the “PowerUserAccess” policy.

    Also, I’ve checked the perms on the bucket and they look OK.

    Do you have any suggestions? Reset s2M’s S3 config?

    Plugin Author JasWSInc
    Participant

    @jaswsinc

    > Do you have any suggestions? Reset s2M’s S3 config?

    Yes, a reset would be my next suggestion also. It sounds like at least one portion of your integration is still denied access in some way.

    Plugin Author JasWSInc
    Participant

    @jaswsinc

    You might also want to test with your root key/secret just to be sure it’s not something other than the user that you’ve selected. If the problem still shows up with the default root key/secret for your AWS account, please let us know about that too.

    ed_monger-rue
    Member

    @ed_monger-rue

    > Yes, a reset would be my next suggestion also. It sounds like at least one portion of your integration is still denied access in some way.

    Alas, this had no impact.

    > You might also want to test with your root key/secret just to be sure it’s not something other than the user that you’ve selected. If the problem still shows up with the default root key/secret for your AWS account, please let us know about that too.

    I had to create a new root cert, but this too had no effect. The http://dev.local/?s2member_file_download=test.txt URL is still returning the access denied message.

    Other content is being served from Amazon S3/CDN without issue. I switched the s2M credentials for S3/CDN to the credentials used for non-member CDN and received the same access denied message.

    ed_monger-rue
    Member

    @ed_monger-rue

    I removed the configuration details for Amazon S3/CloudFront and the s2member_file_download=test.txt worked!

    I then added the configuration details back and attempted to delete the distribution and recreate it. I received an error message stating that access was denied from the Amazon distribution. I manually disabled it and will try recreating it.

    ed_monger-rue
    Member

    @ed_monger-rue

    OK! A few more attempts…

    1. Reset all Amazon S3/CDN/CloudFront configurations within s2M
    2. I created a new bucket with a different name.
    3. Copied the contents of the “old” bucket to the new bucket.
    4. Deleted my test file and created a new test file within the new bucket. I don’t think “file permissions” should be an issue, but why the heck not, nothing else seems to be working.
    5. Re-watched Video tutorials on setting up Amazon S3/CDN and Amazon S3/CloudFront.
    6. Added Amazon S3/CDN configuration pointing to the new bucket.
    7. Tested getting test file with s2member_file_download. Worked flawlessly!
    8. Added Amazon S3/CloudFront configuration, this time I added DNS cnames for files and streaming.
    9. Tested getting test file with s2member_file_download. Fail! Same error message as before (below). The new cname was used in the URL — I tested the cloudfront.net domain name as well:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    <Error>
    <Code>AccessDenied</Code>
    <Message>Access denied</Message>
    </Error>

    Any thoughts on what I should try next?

    Plugin Author JasWSInc
    Participant

    @jaswsinc

    I’m opening a bug report for this so it can be investigated further.
    https://github.com/WebSharks/s2member/issues/173

    ~ I’ll update you here as soon as we’ve been able to reproduce it; or if we need more information to confirm the bug. Thanks for the step-by-step.

    Plugin Author JasWSInc
    Participant

    @jaswsinc

    This issue was investigated at GitHub and some further details were provided. Please see: https://github.com/WebSharks/s2member/issues/173#issuecomment-44248141

    In short, I was unable to reproduce the issue. Please check the details I provided at GitHub. If I missed something that is required to reproduce the bug please let me know at GitHub. Thanks!

    ed_monger-rue
    Member

    @ed_monger-rue

    > This issue was investigated at GitHub and some further details were provided. Please see: https://github.com/WebSharks/s2member/issues/173#issuecomment-44248141

    I configured s2Member with my S3 Bucket; using a root Access/Secret Key. Success.

    I was using an IAM account within s2M to access the Amazon S3 bucket. Also, I created a new CloudFront key pair for this test.

    Adding CNAMEs didn’t cause the issue… as a side note, there were no CNAMEs previously. Alas, the issue still persists.

    The issue persisted using a new bucket as well as creating new “users” and keys. Do you have any additional suggestions? Without a lot of reporting / logs it’s hard to narrow down the issue further.

    ed_monger-rue
    Member

    @ed_monger-rue

    Also, there doesn’t appear to be any issue accessing the bucket without the use of CloudFront.

    W3 Total Cache is also using Amazon S3 without issue.

  • The topic ‘Issues with Amazon S3 / Digitally signed URLs’ is closed to new replies.
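
For the case discussed in this thread, where a download works through S3 but returns AccessDenied through CloudFront, the following added example (not s2Member's code and not posted by anyone in the thread) inspects a signed URL and reports which signing scheme it uses, which key it names, and when it expires. It goes beyond the thread by also recognising S3 Signature V4 URLs; it does not verify the signature itself, and all hosts, key IDs and signatures are constructed placeholders.

```python
import base64, calendar, json, time
from urllib.parse import urlsplit, parse_qs

def cf_b64decode(s):
    # CloudFront's URL-safe base64 substitutes '-' for '+', '_' for '=', '~' for '/'.
    return base64.b64decode(s.translate(str.maketrans("-_~", "+=/")))

def inspect_signed_url(url, now=None):
    """Report signing scheme, the key the URL names, and whether it has expired."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    info = {"host": parts.hostname, "scheme": "unsigned", "key_id": None,
            "expires": None, "notes": []}
    if "Key-Pair-Id" in q:                      # CloudFront signed URL (key pair ID)
        info.update(scheme="cloudfront", key_id=q["Key-Pair-Id"])
        if "Policy" in q:                       # custom policy: expiry is inside it
            stmt = json.loads(cf_b64decode(q["Policy"]))["Statement"][0]
            info["expires"] = stmt["Condition"]["DateLessThan"]["AWS:EpochTime"]
            res_host = urlsplit(stmt["Resource"]).hostname
            if res_host and "*" not in res_host and res_host != parts.hostname:
                info["notes"].append("policy Resource host differs from URL host")
        elif "Expires" in q:                    # canned policy
            info["expires"] = int(q["Expires"])
    elif "AWSAccessKeyId" in q:                 # S3 query-string auth, Signature V2
        info.update(scheme="s3-sigv2", key_id=q["AWSAccessKeyId"])
        info["expires"] = int(q["Expires"]) if "Expires" in q else None
    elif "X-Amz-Credential" in q:               # S3 presigned URL, Signature V4
        issued = calendar.timegm(time.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ"))
        info.update(scheme="s3-sigv4", key_id=q["X-Amz-Credential"].split("/")[0],
                    expires=issued + int(q["X-Amz-Expires"]))
    if info["scheme"] != "unsigned" and not (q.get("Signature") or q.get("X-Amz-Signature")):
        info["notes"].append("no signature parameter")
    if info["expires"] is not None and info["expires"] <= now:
        info["notes"].append("expired")
    return info

# Constructed sample URLs (placeholder hosts, key IDs and signatures).
_policy = json.dumps({"Statement": [{"Resource": "http://dexample.cloudfront.net/test.txt",
    "Condition": {"DateLessThan": {"AWS:EpochTime": 2000000000}}}]})
SAMPLE_POLICY = base64.b64encode(_policy.encode()).decode().translate(str.maketrans("+=/", "-_~"))
SAMPLES = {
    "s3": "http://example-bucket.s3.amazonaws.com/test.txt"
          "?AWSAccessKeyId=AKIAEXAMPLEKEYID&Expires=1400000000&Signature=c2lnbmF0dXJl",
    "cf_canned": "http://dexample.cloudfront.net/test.txt"
                 "?Expires=2000000000&Signature=c2ln&Key-Pair-Id=APKAEXAMPLEKEYPAIR",
    "cf_cname": "http://files.example.com/test.txt"
                f"?Policy={SAMPLE_POLICY}&Signature=c2ln&Key-Pair-Id=APKAEXAMPLEKEYPAIR",
}
```

Running `inspect_signed_url` on the URL that `?s2member_file_download=...` redirects to shows whether the request is being authorised by the IAM access key (S3) or by the CloudFront key pair, which are separate credentials.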