Rados GW Returns 403 when AWS Signature v4 based Auth used


We have Focal Ussuri release and we are using Ceph as storage backend.

We are using a Java application that uses S3 as backend. We created an EC2 credential successfully to access to Ceph Rados Gateway through S3 Compatible API.

With S3 Tools such as S3 Browser, we can access to Container using AWS Signature v2. However if we switch to Signature v4 in that tool or use AWS SDKs, we are receiving 403 Forbidden errors.

Due to AWS Signature v2 is EOL, it’s not a part of AWS S3 SDKs anymore.

Is there anyone exists that can access their object storage using S3 Signature v4 here?

Unfortunately, this is still an upstream limitation: https://tracker.ceph.com/issues/11858

This may actually be fixed in Ceph per https://tracker.ceph.com/issues/10333, however it is not clear. I’ll need to look into this further.