fix(s3-request-presigner): identify correct authscheme for mrap #5742

Merged: 4 commits, Jan 31, 2024

@RanVaknin RanVaknin commented Jan 29, 2024

Issue

#5639

Description

This pull request addresses an issue where the signing region for a presigned URL was not being set correctly when using a Multi-Region Access Point (MRAP) with the auth scheme SigV4a. Previously, when an MRAP was specified as a bucket, the signing region would be left as undefined. This resulted in presigned URLs that did not conform to the expected SigV4a specifications, where the signing region should be set to "*" to indicate a multi-region signing process.

To resolve this, I have updated the logic for determining the signing region within the getSignedUrl function. Now, when the provided bucket is an MRAP, the SDK correctly deduces that the auth scheme is SigV4a and sets the signing region to "*". This ensures that the generated presigned URL uses the correct signing algorithm (AWS4-ECDSA-P256-SHA256) and includes the X-Amz-Region-Set parameter set to "*".

Example:

Driver code:

```javascript
import { S3Client, GetObjectCommand } from "@aws-sdk/client-s3";
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
// Side-effect import: makes the CRT-based SigV4a signer available to the SDK.
import "@aws-sdk/signature-v4-crt";

// The MRAP ARN is passed where a bucket name would normally go.
const MRAP = "arn:aws:s3::REDACTED:accesspoint/REDACTED.mrap";

const client = new S3Client({ region: "us-east-1" });

async function signGet() {
    const getCommand = new GetObjectCommand({
        Bucket: MRAP,
        Key: "sample.txt"
    });
    try {
        // Presign a GetObject request that stays valid for one hour.
        const signedUrl = await getSignedUrl(client, getCommand, { expiresIn: 3600 });
        console.log(signedUrl);
        return signedUrl;
    } catch (error) {
        console.error("Error generating presigned URL:", error);
    }
}

signGet();
```

Output (URL Decoded and formatted for better readability):

Before changes:

https://REDACTED.mrap.accesspoint.s3-global.amazonaws.com/sample.txt?
X-Amz-Algorithm=AWS4-HMAC-SHA256&  
X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&
X-Amz-Credential=REDACTED/20240130/undefined/s3/aws4_request&   
X-Amz-Date=20240130T213639Z&
X-Amz-Expires=3600&
X-Amz-Signature=REDACTED&
X-Amz-SignedHeaders=host&x-id=GetObject

After changes:

https://REDACTED.mrap.accesspoint.s3-global.amazonaws.com/sample.txt?
X-Amz-Algorithm=AWS4-ECDSA-P256-SHA256&  
X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&
X-Amz-Credential=REDACTED/20240130/s3/aws4_request&  
X-Amz-Date=20240130T214116Z&
X-Amz-Expires=3600&
X-Amz-Region-Set=*&  
X-Amz-Security-Token=REDACTED& 
X-Amz-SignedHeaders=host&x-id=GetObject
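
The before/after output above can be turned into a regression check. The following is an added example, not part of the pull request or the SDK: `lintPresignedUrl` is a hypothetical helper, and the host alias, access key and sample URLs are constructed to mirror the redacted output.

```javascript
const SIGV4 = "AWS4-HMAC-SHA256";
const SIGV4A = "AWS4-ECDSA-P256-SHA256";
// MRAP host suffix as it appears in the output above.
const MRAP_HOST_SUFFIX = ".mrap.accesspoint.s3-global.amazonaws.com";

// Returns a list of problems; an empty list means the query string is self-consistent.
function lintPresignedUrl(rawUrl) {
  const url = new URL(rawUrl);
  const q = url.searchParams; // values are percent-decoded on read
  const problems = [];
  const algorithm = q.get("X-Amz-Algorithm");
  const scope = (q.get("X-Amz-Credential") || "").split("/");
  const isMrap = url.hostname.endsWith(MRAP_HOST_SUFFIX);

  if (scope.includes("undefined") || scope.includes("")) {
    problems.push("credential scope has an empty or 'undefined' component");
  }
  if (scope[scope.length - 1] !== "aws4_request") {
    problems.push("credential scope must end in aws4_request");
  }
  if (isMrap && algorithm !== SIGV4A) {
    problems.push(`MRAP host signed with ${algorithm}, expected ${SIGV4A}`);
  }
  if (algorithm === SIGV4A) {
    // SigV4a scope: <key>/<date>/<service>/aws4_request (no region component).
    if (scope.length !== 4) problems.push("SigV4a scope should have 4 components");
    if (!q.has("X-Amz-Region-Set")) problems.push("SigV4a URL is missing X-Amz-Region-Set");
    else if (isMrap && q.get("X-Amz-Region-Set") !== "*") problems.push("MRAP URL should use X-Amz-Region-Set=*");
  } else if (algorithm === SIGV4) {
    // SigV4 scope: <key>/<date>/<region>/<service>/aws4_request.
    if (scope.length !== 5) problems.push("SigV4 scope should have 5 components");
    if (q.has("X-Amz-Region-Set")) problems.push("X-Amz-Region-Set is only valid with SigV4a");
  } else {
    problems.push(`unexpected X-Amz-Algorithm: ${algorithm}`);
  }
  return problems;
}

// Constructed samples mirroring the "before" and "after" output (placeholder alias and key).
const HOST = "https://examplealias.mrap.accesspoint.s3-global.amazonaws.com/sample.txt?";
const BEFORE = HOST + "X-Amz-Algorithm=AWS4-HMAC-SHA256" +
  "&X-Amz-Credential=AKIDEXAMPLE%2F20240130%2Fundefined%2Fs3%2Faws4_request" +
  "&X-Amz-Date=20240130T213639Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host";
const AFTER = HOST + "X-Amz-Algorithm=AWS4-ECDSA-P256-SHA256" +
  "&X-Amz-Credential=AKIDEXAMPLE%2F20240130%2Fs3%2Faws4_request" +
  "&X-Amz-Date=20240130T214116Z&X-Amz-Expires=3600&X-Amz-Region-Set=%2A&X-Amz-SignedHeaders=host";

console.log(lintPresignedUrl(BEFORE), lintPresignedUrl(AFTER));
```

The check inspects only the query parameters; it does not verify the signature itself.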

@RanVaknin RanVaknin requested a review from a team as a code owner January 29, 2024 23:57
@RanVaknin RanVaknin marked this pull request as draft January 29, 2024 23:57
@siddsriv siddsriv changed the title Request presigner mrap fix fix(s3-request-presigner): identify correct authscheme for mrap Jan 30, 2024
@kuhe kuhe marked this pull request as ready for review January 30, 2024 17:46
@kuhe kuhe merged commit 04df491 into aws:main Jan 31, 2024
3 checks passed
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 15, 2024