UpdraftPlus_S3Exception: UpdraftPlus_S3::getBucket(): [SignatureDoesNotMatch]

  • Resolved aidas85

    (@aidas85)


    3 years ago

    Hi team,

    I’ve been using Updraft on a number of sites to back up to S3 for years, but over last couple of days, some backups would fail to be uploaded to S3. This has never happened before.

    S3 settings test result: Failure: We could not successfully access or create such a bucket. Please check your access credentials, and if those are correct then try another bucket name (as another S3 user may already have taken your name).

The error reported by S3 was: UpdraftPlus_S3Exception: UpdraftPlus_S3::getBucket(): [SignatureDoesNotMatch] The request signature we calculated does not match the signature you provided. Check your key and signing method. in /home/[...]/public_html/wp-content/plugins/updraftplus/includes/S3.php:404

    The AWS S3 user access has not changed.

    I’m currently seeing this on version 1.22.10, but interestingly this doesn’t happen on all sites, just a few, including the newly set up ones. Using the same key/secret on multiple sites hosted on the same server.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    Hi,

    Thanks for the report. Currently UpdraftPlus is automatically switching over sites from using one Amazon S3 library to another that has fewer issues. But in your case, it presumably does have an issue. I’ve not seen this one before. (i.e. The reason you have it on some sites and not others, is that it’s the ones that have switched over that have issues).

    1) How did you create the bucket?
    2) What region is it in?
    3) What are its ACLs, i.e. its access policy?
    4) Can you give me a sanitised version of its name in which you swap all the alphanumerics but leave any non-alphanumerics the same?
    5) What permissions dose the IAM user you’re using for access (i.e. the access key / secret key pair) possess?

    With that info I can try to reproduce the issue on our test setup.

    David

    Thread Starter aidas85

    (@aidas85)

    Hi @davidanderson these are the answers to your questions:

    1. Bucket was either created via Terraform or manually in AWS console. It was created at the end of 2019.
    2. us-east-1
    3. Bucket policy in relation to the IAM user (it basically disabled putting objects in several locations in the bucket):

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1634063904434",
            "Effect": "Deny",
            "Principal": {
                "AWS": "arn-of-the-user-which-keys-are-used-in-updraft"
            },
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::xxxxxxxx-xxxxxxx/directory1/*",
                "arn:aws:s3:::xxxxxxxx-xxxxxxx/directory2/*",
                "arn:aws:s3:::xxxxxxxx-xxxxxxx/directory3/*"
            ]
        }
    ]
}

    4. xxxxxxxx-xxxxxxx
    5. IAM user has the following actions allowed:

    "Action": [
                "s3:ReplicateObject",
                "s3:GetObjectAcl",
                "s3:GetObjectVersionAcl",
                "s3:PutObjectTagging",
                "s3:DeleteObject",
                "s3:DeleteObjectTagging",
                "s3:GetObjectRetention",
                "s3:DeleteObjectVersionTagging",
                "s3:GetReplicationConfiguration",
                "s3:ListMultipartUploadParts",
                "s3:PutObject",
                "s3:GetObject",
                "s3:PutObjectVersionAcl",
                "s3:GetObjectVersionForReplication",
                "s3:PutAccelerateConfiguration",
                "s3:DeleteObjectVersion",
                "s3:RestoreObject",
                "s3:ListBucket",
                "s3:GetAccelerateConfiguration",
                "s3:PutEncryptionConfiguration",
                "s3:GetEncryptionConfiguration",
                "s3:GetObjectVersionTorrent",
                "s3:AbortMultipartUpload",
                "s3:GetObjectTagging",
                "s3:PutObjectAcl",
                "s3:ListBucketMultipartUploads",
                "s3:PutObjectVersionTagging",
                "s3:GetBucketVersioning",
                "s3:PutObjectRetention",
                "s3:ReplicateDelete",
                "s3:GetObjectVersion"
            ]

    I’ve also noticed, the we get this error when Updraft is configured to save backups to a folder in the S3 bucket. Providing it’s root (just the bucket name) in S3 location field makes it send the backup to S3 succesfully.

    The S3 config hasn’t recently changed.

    Thanks!

    Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    Hi,

    Thank you. We were able to reproduce this issue, and produce a fix for it on our test setup.

    Please update to UpdraftPlus 1.22.11 when that appears – it should be released in the next few minutes.

    David

    Thread Starter aidas85

    (@aidas85)

    @davidanderson I confirm it all works as expected. Thank you!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘UpdraftPlus_S3Exception: UpdraftPlus_S3::getBucket(): [SignatureDoesNotMatch]’ is closed to new replies.

Tags