Skip to content
This repository has been archived by the owner on Aug 27, 2023. It is now read-only.

S3 pre signed URLs inconsistently working #329

Open
IdrisMiles opened this issue Feb 28, 2023 · 2 comments
Open

S3 pre signed URLs inconsistently working #329

IdrisMiles opened this issue Feb 28, 2023 · 2 comments

Comments

@IdrisMiles
Copy link

Hello, I'm testing this package out with an S3 backend storage, the server is also running on an EC2 instance with an IAM role that has full access to the S3 bucket. I'm relying on the instances IAM role rather than explicitly providing aws credentials.

However I'm finding when I do a pip install, I sometimes get a 403 error, and then after several minutes it starts to work, but after a few more minutes it stops working again. The cycle continues...

pip install command:

pip install --index-url http://<pypicloud server>/simple --trusted-host <pypicloud server> sparro-services

This is the error I get:

ERROR: Could not install requirement sparro-services from http://<pypicloud server>/api/package/sparro-services/sparro_services-2.0.0-py3-none-any.whl#sha256=bd70c243322381b7165e0c0eb056be20e4c598e0c8fce2d47263s89c4707fs9e because of HTTP error 403 Client Error: Forbidden for url: ...

When I follow the forbidden URL I get this message:

<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

This is my server.ini:

[app:main]
use = egg:pypicloud

pyramid.reload_templates = False
pyramid.debug_authorization = false
pyramid.debug_notfound = false
pyramid.debug_routematch = false
pyramid.default_locale_name = en

pypi.default_read =
    everyone
pypi.default_write =
    authenticated

pypi.storage = s3
#storage.aws_access_key_id = 
#storage.aws_secret_access_key = 
storage.bucket = <pypi bucket>
storage.region_name = eu-west-2
#storage.redirect_urls = false

db.url = sqlite:///%(here)s/db.sqlite

...
# wsgi/logging config below

Any help would be much appreciated, this seems like a really useful setup just struggling to get it working consistently.
Let me know if you need any more details.
@IdrisMiles
Copy link
Author

I should add I'm running:

  • Python 3.7.16
  • pypicloud 1.3.12

@IdrisMiles
Copy link
Author

I'm now opting to use the production config ppc-make-config -p prod.ini
And explicitly creating an IAM user and using its creds rather than relying on the EC2 instances IAM role.
So far it seems to be a lot more stable, I've not faced any SignatureDoesNotMatch issues. Will keep monitoring and testing

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@IdrisMiles