AWS S3 - Privacy Error When Accessing File From Link

I'm working with a team that uses S3 to host content, and they've moved from one bucket for all brands to one bucket for each brand, and now we're having trouble linking to content from the Salesforce site.com page. When I copy the link from S3 as HTTPS, I get:

> "Your connection is not private. Attackers may be trying to steal your information from spiritxpress.s3.varsity.s3.amazonaws.com (e.g. passwords, messages, or credit cards)."

I asked them to compare the settings to what works, and I don't have access to dig into it myself, and we're pretty new to this, so I thought I'd see if there were any known paths down. The id and key have not changed and I can access the content via CyberDuck, it just won't load when reaching the link.

Let me know if more information is needed and I will provide as soon as possible.

[EDIT] The bucket naming convention they use is lowercase and follows meeting rules, but it seems odd to me that they are structured like they named the bucket "brandname.s3.companyname", and when copied it appears as "https://brandname.s3.company.s3.amazonaws.com/directory/filename", where the other bucket was displayed as "https://s3.amazonaws.com/bucketname/......"

+3




3 answers


Whoever made this change was unable to explain how templated certificates work in HTTPS.

Requests to S3 using HTTPS are greeted with a certificate that identifies itself as "*.s3[-region].amazonaws.com", and for the browser to consider this valid for the link you click, there can be no dots in the part of the hostname that matches the * offered by the certificate. Dotted bucket names are valid, but they cannot be used on the left side of "s3[-region].amazonaws.com" in the hostname unless you are ready and able to accept a certificate that is considered invalid... they can only be used as the first element of the path.

The only way to make dotted bucket names and S3 wildcard SSL work together is a different format: https://s3[-region].amazonaws.com/example.dotted.bucket.name/...



If your bucket is not in US Standard, you will most likely need to use the region in the hostname for the request to reach the correct endpoint, for example https://s3-us-west-2.amazonaws.com/example.dotted.bucket.name/path... for a bucket in us-west-2 (Oregon). Otherwise, S3 may return an error telling you that you need to use a different endpoint (and the endpoint they provide in the error message will be valid, but probably not the one you want for SSL).

This is a limitation on how SSL certificates work, not a limitation in S3.

+5
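The matching rule described in the answer above, as an added example that is not part of the original answer: a `*` in a certificate name covers exactly one leftmost hostname label, so a dotted bucket name has to move into the path. The function names `wildcard_matches` and `s3_https_url` are hypothetical, and the endpoint forms are the ones quoted in the answer.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name such as '*.s3.amazonaws.com'
    covers `hostname`. The '*' stands for exactly one leftmost DNS label
    and never spans a dot (partial wildcards like 'f*.x' are not handled)."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # extra dots on the left mean extra labels: no match
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def s3_https_url(bucket: str, key: str, region: str = "") -> str:
    """Build an HTTPS link whose hostname the S3 wildcard certificate covers.

    Uses bucket-in-hostname form when the bucket name has no dots, and
    falls back to bucket-as-first-path-element form otherwise."""
    endpoint = f"s3-{region}.amazonaws.com" if region else "s3.amazonaws.com"
    virtual_host = f"{bucket}.{endpoint}"
    if wildcard_matches(f"*.{endpoint}", virtual_host):
        return f"https://{virtual_host}/{key}"
    # Dotted bucket name: keep it out of the hostname entirely.
    return f"https://{endpoint}/{bucket}/{key}"


if __name__ == "__main__":
    # Constructed sample inputs modelled on the names used in the question.
    samples = [
        ("bucketname", "directory/filename", ""),
        ("brandname.s3.companyname", "directory/filename", ""),
        ("example.dotted.bucket.name", "path/file.pdf", "us-west-2"),
    ]
    for bucket, key, region in samples:
        print(f"{bucket!r:32} -> {s3_https_url(bucket, key, region)}")
```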




Follow this link to learn about both ways to access the bucket: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro



0




Ok, it looks like it boiled down to some permissions that were skipped and we were able to display the file as expected. Other problems are present, but the present one is resolved as indicated.

-1








