S3 access with temporary credentials

Feature Requests
,
1

Hi there.

I’m using a transcription service which allows me to upload files to an S3 bucket operated by that service. The procedure for an upload is this:

  1. Authenticate with the API offered by the transcription service. A bearer token is returned.
  2. Send a request which asks for initiating a file upload. The API then returns temporary credentials for accessing their S3 bucket and an object key.
  3. Send a request to the S3 endpoint, using the temporary credentials and the object key. The payload of this request is the file to be uploaded.

This works perfectly fine when I do it in Postman, using the authentication method “AWS Signature” for the upload to the S3 endpoint. But I can’t get it to work in n8n.

n8n offers two kinds of nodes that may be relevant for this task: one is named AWS S3, the other one only S3. I tried it with both of them, here’s what happens:

S3 node:

I set up the credentials such that the access key and secret key provided as temporary credentials (see step 2 above) are used. However, the credentials dialog of that node does not allow me to enter the session token, which is also part of the temporary credentials I receive.

Running the workflow, I receive a 403 error with the message “The security token included in the request is invalid”. That makes sense, considering that the session token was not included, but I don’t see any way for including it.

AWS S3 node:

Here the credentials dialog has a toggle button “Temporary Security Credentials”. When I switch it on, I can enter my session token in addition to the access key and secret key. It also allows me to specify a custom endpoint, which I did (the S3 endpoint of the transcription service’s bucket).

Running the workflow, I receive a 403 error with the message “The AWS Access Key Id you provided does not exist in our records.”

Before you ask, yes, I have checked that the correct region is selected in the AWS credentials (the same I use in Postman).

My theory is this: AWS does not recognize the credentials because the S3 bucket is hosted outside of AWS. That would imply that I should use the S3 node instead of the AWS S3 node. However, the S3 node does not allow me to include the session token (maybe it does not support AWS Signature authentication at all?), so I’m stuck.

Any input is highly welcome.

I’m on n8n Cloud, version 1.34.2.

2

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:
5

Hi @tweety,

Thanks for the thorough description and for bringing this up :dizzy:

Have you tried using the HTTP Request node here? If so, what’s the outcome?

This seems to be a feature request worth making, so I’ll move this post to that category - don’t forget to vote!

1 Like
6

Hi @mariana-na,

Thanks for your reply. The problem is that the S3 endpoint I’m trying to use requires an AWS signature. If I were to use the HTTP Request node, I’d have to manually construct that signature. I had a conversation with ChatGPT on how to do that, and while it appears possible in principle, it is also a rather lengthy piece of JS code and may be prone to errors. I see this as a last resort and would definitely prefer to have the feature implemented in the S3 node.

Best wishes,
Thomas

1 Like
7

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.