Generating an AWS Signature v4 signature for uploading to s3 (migration from v2)


I currently have a working implementation that works as follows:

UI select a file => click upload => call to my backend API to request a signature since I don’t want to expose my access + secretkey => return the signature + policy => do an upload to s3.

This works fine and dandy for v2.

Now I get to the fun bit where my new buckets are in a region where v2 isn’t supported.

I was following the AWS documentation but I think I am misunderstanding the payload bit a bit. Do I really need to have my UI pass in a sha256 hash of my whole file? Since that would seem to be a bit of a pain, especially since my files can be > 1 gig.

The code I was attempting to use:

But this gives an invalid signature response when I try to use the rest of my code.

Am I derping that hard, and just misunderstanding: ?

Any help would be much appreciated since I’ve been hanging my head against this way too long and I’d prefer not to overhaul too much.


You can upload a file to S3 by using standard SDK methods without generating a signature, please see the documentation.
But if you need a signature for some reason, I think, the simplest way to generate a signature is to use methods from AWS SDK, please see the following class which extends AWS4Signer:

where AWS4Signer is from

and AWSCredentials can be built as

Also you should consider http headers when you use multipart data, for example, please see the following method which builds HttpEntity

Leave a Reply