When trying to upload to an S3 bucket with AWS KMS default encryption enabled (AES256 is expressly forbidden by policy), we receive the following error (formatting mine and info redacted):
Code: Select all
(Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>InvalidArgument</Code>
<Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message>
<ArgumentName>Authorization</ArgumentName>
<ArgumentValue>null</ArgumentValue>
<RequestId>XXXXXXXXXXX</RequestId>
<HostId>XXXXXXXXXXXXXXX</HostId>
</Error>
at 0000000001660298.CP: TGGetOrPutEX:Bad Request<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</Argum)
https://docs.aws.amazon.com/general/lat ... ion-4.html
The profile is configured for AWS S3 and the Server Side Encryption box is unchecked (because we forbid AES256, and we want to allow default encryption to kick in).