It has been over 4 years since AWS implemented the requirement for newer Signature Version 4 (AWS4-HMAC-SHA256) for communicating with s3 buckets. Expect for older regions, this is a mandatory requirement. Due to webmin still using the older signature method, the inbuilt S3 backup mechanism in webmin fails with the below error:
Uploading archive to Amazon's S3 service .. .. upload failed! Invalid HTTP response : HTTP/1.1 400 Bad Request
And when trying to delete a backup, this is the error:
Deleting backup from virtualmin in Amazon S3 bucket xxxxxxx .. .. failed : Failed to delete S3 file : The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256
As of now, the workaround is to install and configure the AWS CLI on the machine after which it seems to work for backup, but the delete option still returns the above error. We have been using this workaround for quite some time hoping it would be updating in webmin soon but is yet to see the light of day. This workaround is neither ideal nor should be a requirement in all situations as this opens up further security layers to manage.
Please fix this behavior with the default configuration of the S3 backup module to make the calls with the newer signature version AWS4-HMAC-SHA256. Do note that all regions including older ones support the newer version signature algorithm.
Comments
Submitted by JamieCameron on Sat, 04/03/2021 - 18:41 Comment #1
Actually we're going to mandate use of the
awscommand in future, as maintaining our own implementation of the S3 API is too much work.Can you delete files from that bucket using the
awscommand when run directly?Submitted by JamieCameron on Sat, 04/03/2021 - 18:45 Comment #2
Actually, it turns out that Virtualmin isn't using the
awscommand when deleting entire buckets! We'll fix this in the next release..