OpenTok Archives Won’t Upload to S3

We’ve seen that some partners may run into trouble linking their Amazon S3 bucket and OpenTok together, usually due to improper permissions for the bucket.

S3 buckets hosted in Frankfurt as well as Beijing are ineligible to integrate with OpenTok due to a signature versioning issue. S3 buckets hosted in Europe (Frankfurt), US East (Ohio), Canada (Central), Europe (London), Asia Pacific (Seoul), Asia Pacific (Mumbai), Europe (Paris), China (Ningxia), Europe (Stockholm), Asia Pacific (Osaka Local), AWS GovCloud (US-East), and Asia Pacific (Hong Kong) do not support signature 2. Please re-host your bucket in a different region if this applies to you.

Receiving the “Your archive failed to upload” email may be unhelpful to partners who understand their upload failed, but need to know the specific reason why. We’ve come up with a simple cURL script anyone can use to test their S3 credentials, that uploads a dummy file to their S3 storage bucket, letting you view the specific S3 error response. Open your terminal and copy/paste the following: 

bucket=<% Enter your bucket name here! %>

s3Key=<% Enter your S3 Access Key here! %>

s3Secret=<% Enter your S3 Secret Key here! %>


echo 'Hello world! Welcome to OpenTok!' > helloworld.txt




dateValue=`date -jnu +%a,\ %d\ %h\ %Y\ %T\ %Z`


signature=`echo -en ${stringToSign} | openssl sha1 -hmac ${s3Secret} -binary | base64`


curl -v -X PUT -T "${file}" \

 -H "Host: ${bucket}" \

 -H "Date: ${dateValue}" \

 -H "Content-Type: ${contentType}" \

 -H "Authorization: AWS ${s3Key}:${signature}" \

 https://${bucket}${file} \

&& rm helloworld.txt



A successful upload should see the following as part of the response:
> Expect: 100-continue


< HTTP/1.1 100 Continue

* We are completely uploaded and fine

< HTTP/1.1 200 OK


An un-successful upload will see the following instead:
> Expect: 100-continue


< HTTP/1.1 403 Forbidden


If unsuccessful, the response string will usually be informative. A permissions issue typically sees something like this as the response:

<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DAC6142AA0A5C2E2</RequestId><HostId>kQxzTkrBZOYcYLdr0qLHaurQiZOMKDh+4sbpJnwmSFzAWGcTVJRKKZpyGx9lcRUN</HostId></Error>

If that is the case, here is some external AWS documentation on how to attach the proper permissions roles to your AWS user:

Have more questions? Submit a request