different error code/message while trying to download object with incorrect encryption key

Hi
"I'm attempting to replicate a scenario involving the download of an encrypted object from S3 object storage using an incorrect encryption key.

to get the metadata using

ObjectMetadata in = s3client.getObjectMetadata(getMetadataRequestCustom);

getting below exception

Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: tx000004ed0a1180abf3060-00671fc895-83762684-default; S3 Extended Request ID: null; Proxy: null)

to download the object itself using

s3client.getObject(getObjectRequest).getObjectContent()

getting below exception

Requests specifying Server Side Encryption with Customer provided keys must provide an appropriate secret key. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: tx000009ca28cfef525aaeb-00671fc894-8376c666-default; S3 Extended Request ID: 8376c666-default-default; Proxy: null)

While both requests appear similar, the first exception's message is less specific. I'm curious if this exception is accurate and informative or if there's a more detailed explanation for the 'Bad Request' error.

Thanks.

1 Reply

The Bad Request you're seeing in the first output is part of the overall 400 Bad Request error being thrown by the S3 service. As you may know a 400 HTTP status code indicates an error in the syntax on the client side. You'll see from this list that the 400 Bad Request HTTP status code gets thrown for several different issues including the second exception you shared here.

As to the reason why one error output is more robust than the other - I can't say for sure. It may have something to do with the way the two requests are written. Since getObject(getObjectRequest) should hit the getObject endpoint as opposed to the getObjectMetadata endpoint it may provide a different output. However, I can't say for certain that's the case.

You can always reach out on the AWS Community Site to see if they may have a bit more insight.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct