diff --git a/api/configs/middleware/storage/amazon_s3_storage_config.py b/api/configs/middleware/storage/amazon_s3_storage_config.py index e14c210718..8be618960a 100644 --- a/api/configs/middleware/storage/amazon_s3_storage_config.py +++ b/api/configs/middleware/storage/amazon_s3_storage_config.py @@ -43,3 +43,8 @@ class S3StorageConfig(BaseSettings): description="Use AWS managed IAM roles for authentication instead of access/secret keys", default=False, ) + + S3_SIGNATURE_VERSION: str = Field( + description="S3 signature version: 'unsigned', 's3', 's3v4'", + default="s3", + ) diff --git a/api/extensions/storage/aws_s3_storage.py b/api/extensions/storage/aws_s3_storage.py index 7b6b2eedd6..ceafc51bca 100644 --- a/api/extensions/storage/aws_s3_storage.py +++ b/api/extensions/storage/aws_s3_storage.py @@ -4,6 +4,7 @@ from collections.abc import Generator import boto3 # type: ignore from botocore.client import Config # type: ignore from botocore.exceptions import ClientError # type: ignore +import botocore from configs import dify_config from extensions.storage.base_storage import BaseStorage @@ -25,6 +26,11 @@ class AwsS3Storage(BaseStorage): self.client = session.client(service_name="s3", region_name=region_name) else: logger.info("Using ak and sk for S3") + + if dify_config.S3_SIGNATURE_VERSION == 'unsigned': + s_version = botocore.UNSIGNED + else: + s_version = dify_config.S3_SIGNATURE_VERSION self.client = boto3.client( "s3", @@ -32,7 +38,10 @@ class AwsS3Storage(BaseStorage): aws_access_key_id=dify_config.S3_ACCESS_KEY, endpoint_url=dify_config.S3_ENDPOINT, region_name=dify_config.S3_REGION, - config=Config(s3={"addressing_style": dify_config.S3_ADDRESS_STYLE}), + config=Config( + s3={"addressing_style": dify_config.S3_ADDRESS_STYLE}, + signature_version=s_version + ), ) # create bucket try: