Release: Amazon S3 on 2006-05-03

Release Notes>Release: Amazon S3 on 2006 05 03
InvalidSecurity error split, metadata limits, list performance improvement, and HEAD bug fixed.


Submitted By: Craig@AWS
Created On: May 4, 2006 12:47 AM GMT
Last Updated: May 17, 2006 3:19 PM GMT

Release Date: 2006-05-03
Latest WSDL/API Version: 2006-03-01 (unchanged)

New Features

Feature Description
Better reporting of authentication failures
When an error occurs during the authentication and signature checking stage of request processing, Amazon S3 is now more forthcoming about what exactly the problem was. The overly generic InvalidSecurity has been split into five new error codes that are more specific and informative:
  • NotSignedUp: "Your account is not signed up for the Amazon S3 service. You must sign up before you can use Amazon S3. You can sign up at the following URL:"
  • RequestTimeTooSkewed: "The difference between the request time and the server's time is too large." This usually means that the Date (or x-amz-date) header you signed is too old. Check your system clock and make sure you are sending your request within 15 minutes of signing it.
  • SignatureDoesNotMatch: "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method." This error includes <details> elements that may be helpful in debugging your signing code: StringToSign, SignatureProvided, AWSAccessKeyId
  • InvalidAccessKeyId: "The AWS Access Key Id you provided does not exist in our records."
  • AccountProblem: "There is a problem with your AWS account that prevents the operation from completing successfully. Please contact customer service at" This usually indicates a problem charging your credit card.
No changes were made to the mechanics of request authentication and signature checking; All of the error conditions listed above were previously reported as InvalidSecurity.

This change should make errors in this area easier to understand, handle and debug.
Limits on user metadata
New objects are limited to having 2048 bytes of associated user metadata. Recall that user metadata is a set of key-value pairs that can be associated with an object when writing it. The size of user metadata is measured by taking the sum of the number of bytes in the UTF-8 encoding of each key and value. Attempting to store an object with more than the maximum amount of metadata will result in the (new) error code "MetadataTooLarge." Objects with more than 2048 bytes of metadata that were stored before this change will not be affected.

Resolved Issues

Issue Description
Poor list performance
List performance has been improved. This addresses the issue mentioned in this thread:
InternalError on conditional HEAD
HEAD requests with the "If-None-Match" header no longer fail with "InternalError." Addresses the problem identified in this thread:

Note that  conditional PUT and DELETE are still unsupported

Documentation fixes
The WRITE_ACP and READ_ACP access control privilege were sometimes incorrectly referred to as WRITE_ACL and READ_ACL, respectively.

Known Issues

Issue Description
Latent buckets
Sometimes after you delete a bucket, the operation to list all your buckets will continue returning the bucket you deleted, even though it no longer exists.
S3 does not support the HTTP 100-Continue status as described in RFC 2616, section 8.2.3.
S3 ETags calculate an MD5 hash on the object data. According to section 13.3.3 of RFC 2616, this is a weak reference. To be a strong reference, S3 would also have to consider metadata and other headers in the ETag.
SOAP SSL authentication
S3 allows SOAP authentication to be performed over non-SSL connections. SOAP authentication should only be accepted over SSL.
Uploads between 2 GB and 4 GB in size fail A bug in our load balancer causes the connection to close whenever an upload request with content-length between 2 GB and 4 GB is received. Amazon is engaged with the load balancer vendor, has identified the issue, and is in the process of resolving the issue.
©2017, Amazon Web Services, Inc. or its affiliates. All rights reserved.