different error code/message while trying to download object with incorrect encryption key
Hi
"I'm attempting to replicate a scenario involving the download of an encrypted object from S3 object storage using an incorrect encryption key.
to get the metadata using
ObjectMetadata in = s3client.getObjectMetadata(getMetadataRequestCustom);
getting below exception
Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: tx000004ed0a1180abf3060-00671fc895-83762684-default; S3 Extended Request ID: null; Proxy: null)
to download the object itself using
s3client.getObject(getObjectRequest).getObjectContent()
getting below exception
Requests specifying Server Side Encryption with Customer provided keys must provide an appropriate secret key. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: tx000009ca28cfef525aaeb-00671fc894-8376c666-default; S3 Extended Request ID: 8376c666-default-default; Proxy: null)
While both requests appear similar, the first exception's message is less specific. I'm curious if this exception is accurate and informative or if there's a more detailed explanation for the 'Bad Request' error.
Thanks.
1 Reply
The Bad Request
you're seeing in the first output is part of the overall 400 Bad Request
error being thrown by the S3 service. As you may know a 400 HTTP status code indicates an error in the syntax on the client side. You'll see from this list that the 400 Bad Request HTTP status code gets thrown for several different issues including the second exception you shared here.
As to the reason why one error output is more robust than the other - I can't say for sure. It may have something to do with the way the two requests are written. Since getObject(getObjectRequest)
should hit the getObject
endpoint as opposed to the getObjectMetadata
endpoint it may provide a different output. However, I can't say for certain that's the case.
You can always reach out on the AWS Community Site to see if they may have a bit more insight.