I'm working on implementing file uploads to AWS S3 from an embedded IoT device and I need to create a signed authorization header for my HTTP PUT requests. Unfortunately, I keep running into a signature mismatch that's resulting in a 403 error.
Here's the authorization header I'm using for the PUT request, which contains a simple string body saying "hello this is a test file." I calculate the hash for it, but despite checking the access key, secret key, and security token—all of which work fine for Kinesis Video Streams—I can't find where the problem lies.
Here's the rough format of my PUT request:
PUT /my/key.txt HTTP/1.1
Host: my-bucket.s3-accelerate.amazonaws.com
Content-Length: 27
Content-Type: text/plain
X-Amz-Content-Sha256: d736345dab82fb01e17b25306ebfabe6c22e00b691a7b8007ad1c70609f36d19
X-Amz-Date: 20250508T083221Z
X-Amz-Security-Token: TOKEN_REDACTED
Authorization: AWS4-HMAC-SHA256 Credential=ASIA************/20250508/us-east-1/s3/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=SIGNATURE_REDACTED.
If anyone has suggestions or insights that could help clarify what I might be missing, I'd really appreciate it! Thanks!
4 Answers
You didn’t mention what programming language you’re using. If there's no SDK available, try mimicking a working request from another language (like Python) to ensure your sigv4 assembly is correct. Did you follow AWS documentation closely when building it yourself?
I've seen similar issues; sometimes the headers ordered in your PUT request can cause issues too. Make sure to verify if you need to move the Host header around.
Check the alignment of your signed headers and request headers; they should match up. Also, verify your host format. The correct format for an accelerated bucket is usually examplebucket.s3..amazonaws.com, so double-check that part.
First thing to check is if your device's clock is synced to UTC. An out-of-sync clock can cause signature mismatches.
Yeah, it's in UTC and it seems to be correct to the second.
Oh yeah, I'm using C. You're right, no SDK. Just a library for sigv4 and then I handle everything manually. Your idea to try with Python sounds good—I'll definitely give that a shot!