Search code examples

Bucket POST must contain a field named 'AWSAccessKeyId' with SigV4

I am trying to do a simple create_presigned_post using python and boto3.

import boto3
from botocore.config import Config

def s3_upload_creds():
    REGION = 'eu-west-2'
    s3 = boto3.client('s3', 
    aws_secret_access_key=aws_secret_access_key, region_name=REGION, config=Config(signature_version='s3v4'))

    return s3.generate_presigned_post(
        Bucket = bucket,
        Key = key,

upload_fields = s3_upload_creds()

url = upload_fields['url']
upload_fields = upload_fields['fields']

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <form action="{url}" method="post" enctype="multipart/form-data">
          <input type="text" id="x-amz-algorithm" name="x-amz-algorithm" value="AWS4-HMAC-SHA256" /><br />
          <input type="text" id="x-amz-credential" name="x-amz-credential" value="{creds}" /><br />
          <input type="text" id="x-amz-date" name="x-amz-date" value="{date}" /><br />
          <input type="text" id="x-amz-policy" name="policy" value="{policy}" /><br />
          <input type="text" id="signature" name="signature" value="{signature}" />
          <input type="text" id="key" name="key" value="{key}" />

          <input type="file"   name="file" /> <br />
    <input type="submit" name="submit" value="Upload to Amazon S3" />

However I receive this error.

<?xml version="1.0" encoding="UTF-8"?>
    <Message>Bucket POST must contain a field named 'AWSAccessKeyId'.  If it is specified, please check the order of the fields.</Message>

Browsing solutions online I found that if the file is specified before the other fields, it will not work. I have verified that it is not the case on my browser and Postman.

I tried to add the field but it gives me this error.

<?xml version="1.0" encoding="UTF-8"?>
    <Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message>

I do not understand why aws needs AWSAccessKeyId since I can see it at the start of x-amz-credential: AK-----------------R/date/region/s3/aws4_requests

I Have looked at theses: Link Link


  • Thanks Anon Coward for your help.

    The issue come from the html form I used. One of the fields where rename with the name html attribute wrongly, causing and error which message is out of context. The sample above should change name='signature' to name='x-amz-signature'.

    Note that the field names returned from create_presigned_post are:

    • key
    • x-amz-algorithm
    • x-amz-credential
    • x-amz-date
    • policy
    • x-amz-signature