Announcement: S3 default integrity change #1240
Comments
|
Seems changing the default breaks AWS S3 Presigned PUTs if you don't explicitly set a checksum? I can see a checksum is added to the headers and when the client attempts an upload it gets: The issue was resolved by setting the config to |
|
Hi @danprueitt, thank you for bringing that to our attention. Sounds like it's a regular S3 presigned PUT requests that are affected? Can you provide us with a reproducer so we can work backwards from it? |
|
@danprueitt I was able to replicate your issue and working on a fix now, thanks for bringing this to our attention. |
|
It looks like this change added the See also: awesomized/crc64fast-nvme#5 |
## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here --> Fixing bug reported in awslabs/aws-sdk-rust#1240 (comment) ## Description <!--- Describe your changes in detail --> ## Testing <!--- Please describe in detail how you tested your changes --> <!--- Include details of your testing environment, and the tests you ran to --> <!--- see how your change affects other areas of the code, etc. --> Updated presigning integ tests to account for behavior specified in SEP, added new test for the user provided checksum case ## Checklist <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [x] For changes to the AWS SDK, generated SDK code, or SDK runtime crates, I have created a changelog entry Markdown file in the `.changelog` directory, specifying "aws-sdk-rust" in the `applies_to` key. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
|
Fix was merged in smithy-lang/smithy-rs#3971, we are working to release the codegen now and the actual fix should be released in version |
In AWS SDK for Rust v1.69.0, we released changes to the S3 client that adopts new default integrity protections. For more information on default integrity behavior, please refer to the official SDK documentation. In SDK releases from this version on, clients default to enabling an additional checksum on all Put calls and enabling validation on Get calls.
You can disable default integrity protections for S3. We do not recommend this because checksums are important to S3 integrity posture. Integrity protections can be disabled by setting the config flag to
WHEN_REQUIRED, or by using the related AWS shared config file settings or environment variables.Disclaimer: the AWS SDKs and CLI are designed for usage with official AWS services. We may introduce and enable new features by default, such as these new default integrity protections, prior to them being supported or otherwise handled by third-party service implementations. You can disable the new behavior with the
WHEN_REQUIREDvalue for therequest_checksum_calculationandresponse_checksum_validationconfiguration options covered in Data Integrity Protections for Amazon S3.The text was updated successfully, but these errors were encountered: