Last active
March 31, 2025 15:54
-
-
Save jpillora/260873a1238ee1a80d7b4420689a8716 to your computer and use it in GitHub Desktop.
S3 signed GET in plain bash (Requires openssl and curl)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #set these in your environment/profile (NOT HERE) | |
| AWS_ACCESS_KEY="" | |
| AWS_SECRET_KEY="" | |
| function s3get { | |
| #helper functions | |
| function fail { echo "$1" > /dev/stderr; exit 1; } | |
| #dependency check | |
| if ! hash openssl 2>/dev/null; then fail "openssl not installed"; fi | |
| if ! hash curl 2>/dev/null; then fail "curl not installed"; fi | |
| #params | |
| path="${1}" | |
| bucket=$(cut -d '/' -f 1 <<< "$path") | |
| key=$(cut -d '/' -f 2- <<< "$path") | |
| region="${2:-us-west-1}" | |
| #load creds | |
| access="$AWS_ACCESS_KEY" | |
| secret="$AWS_SECRET_KEY" | |
| #validate | |
| if [[ "$bucket" = "" ]]; then fail "missing bucket (arg 1)"; fi; | |
| if [[ "$key" = "" ]]; then fail "missing key (arg 1)"; fi; | |
| if [[ "$region" = "" ]]; then fail "missing region (arg 2)"; fi; | |
| if [[ "$access" = "" ]]; then fail "missing AWS_ACCESS_KEY (env var)"; fi; | |
| if [[ "$secret" = "" ]]; then fail "missing AWS_SECRET_KEY (env var)"; fi; | |
| #compute signature | |
| contentType="text/html; charset=UTF-8" | |
| date="`date -u +'%a, %d %b %Y %H:%M:%S GMT'`" | |
| resource="/${bucket}/${key}" | |
| string="GET\n\n${contentType}\n\nx-amz-date:${date}\n${resource}" | |
| signature=`echo -en $string | openssl sha1 -hmac "${secret}" -binary | base64` | |
| #get! | |
| curl -H "x-amz-date: ${date}" \ | |
| -H "Content-Type: ${contentType}" \ | |
| -H "Authorization: AWS ${access}:${signature}" \ | |
| "https://s3-${region}.amazonaws.com${resource}" | |
| } | |
| #example usage | |
| s3get my-bucket/a/path/to/my/file > /tmp/file |
This does not work any more. The Amazon returns the error: "The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256."
Author
@kondakovdmitry Not able to test at the moment, can someone test with openssl sha1 -> openssl sha256?
@jpillora no, does not work with sha256
Was able to get this working with sha256 at https://gist.github.com/mmaday/c82743b1683ce4d27bfa6615b3ba2332.
Author
Thanks for the link!
…On Wed, 6 May 2020 at 2:54 am mmaday ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
Was able to get this working with sha256 at
https://gist.github.com/mmaday/c82743b1683ce4d27bfa6615b3ba2332.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://gist.github.com/260873a1238ee1a80d7b4420689a8716#gistcomment-3290912>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE2X46BMZA4PVF5RDAQDJLRQBAEHANCNFSM4MZXUGOA>
.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I was looking forever for this. thanks!