AWS CLI listing S3 buckets gives SignatureDoesNotMatch error using IAM user credentials

Question

I am using AWS cli on Ubuntu 16.04 LTS, I am trying to list all buckets. In aws configure I have input the IAM user access key and IAM user secret key. This IAM user has permissions to list bucket and can list bucket in console.But using AWS cli with these keys and running command - aws s3 ls it is giving me this error.

A client error (SignatureDoesNotMatch) occurred when calling the ListBuckets operation: The request signature we calculated does not match the signature you provided. Check your key and signing method.

I have created a policy to list buckets for this particular IAM user also.

I want to perform further sync operations and make all files public operations via a shell script using this IAM user credentials and do not want to use root credential.

Answer 1

Found my issue. I had old AWS keys in my environment variables. If you have environment variables named

AWS_SECRET_ACCESS_KEY
AWS_ACCESS_KEY_ID

the awscli will use those values instead of what is provided via ~/.aws/credentials.

Try running printenv | grep AWS and verify that those values aren't set. If so then just run a

unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID

and you should be good to go.

Answer 2

In my case, this was due to incorrect aws_secret_access_key.

To check, open the file ~/.aws/credentials by typing:

cat ~/.aws/credentials

The content should be something like below:

[default]
aws_access_key_id = xxx
aws_secret_access_key = xx

See if the aws_access_key_id & aws_secret_access_key matches your credentials. If it doesn't, edit and save changes.

p/s: If you don't remember your aws_secret_access_key, generate a new key and secret by going to aws console --> your name --> My Security Credentials.

Then click 'Create access key':

Take note that you can only have two access keys at a time.

Answer 3

This error is because of incorrect aws s3 access key/secret key.

Answer 4

It means that your AWS security credentials got expired. Simply creating new credentials will work.

• Go to your AWS account -> My security credentials
• click on Create New Access Key. Make a note of access key id and secret access key
• Run aws configure and enter new credentials

Answer 5

Can happen even when the machine time is not in sync with the NT server.

sudo ntpdate ntp.ubuntu.com helped me solve this problem.

Answer 6

In my case, I had encryption but was sending the the size the file was before being encrypted. If you got this error and your secret and key are correct, it's worth double checking your md5, mimetype, size, and other attributes

Answer 7

Just check the time on the system on which you are running. make sure it is updated

Answer 8

The issue was with the AWS credentials, i copied the secret from excel file into txt file and some how few of the special character stripped away. Make sure to copy it properly.

Also try restarting the machine and make sure AWS is not set in environment variable, you can check it with printenv | grep 'AWS'

Answer 9

This worked for me (I was trying to download a large file):

aws configure set default.s3.multipart_threshold 1000MB

Answer 10

if you are facing this Error also check the key are the same or different.

in a short time, the best solution is to recreate a new key and change in code with the OLD key working in my case.

After the changes for check use this command.

$ aws configure

-> access key

-> secret key

-> region

-> output formate

$ aws s3 ls

if you can get a list of buckets is available in s3 so the problem solved

Answer 11

Please switch to root user.

In my case I was accessing this command aws s3 ls from standard user and its giving below error:

"AWS CLI listing S3 buckets gives SignatureDoesNotMatch error using IAM user credentials"

then switched to root user by using sudo su command and tried accessing aws s3 ls command it listed s3 bucket names.

Answer 12

For me the problem was the / in my secret_key to get round it pasted the secret key into a .dat file on my pc copied it to the server pg the .dat file on the server and copied the secret key when using aws configure

Answer 13

Fixed it by using --endpoint-url option as stated here: https://github.com/aws/aws-cli/issues/4922

Looks like it is related to the fact that the VM I was on was in a different region than the bucket.

Answer 14

Newbie to Boto3,Python and AWS automation here.

I got the error

"A client error (SignatureDoesNotMatch) occurred when calling the CreateBucket operation: The request signature we calculated does not match the signature you provided. Check your key and signing method." when attempting to programmatically add an S3 bucket to my AWS account.

I use Jupyter as my IDE and spent a lot of time attempting to fix this issue. What I found is that this is related to the default region that is entered into the "config" file in .aws, for some reason the default region was "us-west-2" in my config file and the bucket I was attempting to add was in us-east-2.

I have seen some solutions attempt to correct this with environmental variables but I believe this solution is much simpler.

Answer 15

Using single quotes (') instead of using qutoes (") when exporting the AWS_SECRET_ACCESS_KEY, solved this problem for me using "aws s3 cp" commands.

Answer 16

in my case, i have some typo on the region name. once fixed it, all works fine.

Set the Region name to None first.. then change it back correctly.

Should be good.

Answer 17

My case is different, yesterday these configured keys in my new Mac is working fine but today is not working. I tried comparing with the working old windows system configuration and both looks same. I couldn't understand, I copy pasted from windows to mac again then it's working fine, seems to be some invisible characters might have added.

Answer 18

I had the same error on Windows using PuTTY. The fix was to enclose the aws_secret_access_key in the ~/.aws/credentials file with double quotes ". I think it's because the / in the aws_secret_access_key causes some issues on Windows.