Parse a Legacy Pre-signed URL (Signature V2)
Understand the older Signature Version 2 pre-signed URL format still encountered in legacy systems. Compare with the current Signature V4 format.
Detailed Explanation
Legacy Pre-signed URLs with Signature V2
Signature Version 2 (SigV2) is the older signing format for S3 pre-signed URLs. While AWS has deprecated SigV2 for most regions, you may still encounter these URLs in legacy systems, old documentation, or code that hasn't been updated.
Example URL
https://old-bucket.s3.amazonaws.com/archive/data.zip?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Expires=1705320000&Signature=dGhpcyBpcyBhbiBleGFtcGxlIHNpZw%3D%3D
Parsed Components
Base URL:
| Component | Value |
|---|---|
| Bucket | old-bucket |
| Key | archive/data.zip |
| Region | (not specified) |
| Style | Virtual-Hosted |
Signing Parameters:
| Parameter | Value | Purpose |
|---|---|---|
AWSAccessKeyId |
AKIAIOSFODNN7EXAMPLE |
AWS access key |
Expires |
1705320000 |
Unix timestamp expiration |
Signature |
dGhpcy...%3D%3D |
Base64-encoded HMAC-SHA1 signature |
V2 vs V4 Comparison
| Feature | Signature V2 | Signature V4 |
|---|---|---|
| Algorithm | HMAC-SHA1 | HMAC-SHA256 |
| Expiration format | Unix timestamp | Duration in seconds |
| Region scoping | Not region-scoped | Region-scoped in credential |
| Parameter prefix | AWSAccessKeyId, Signature, Expires |
X-Amz-* parameters |
| Security | Weaker (SHA1) | Stronger (SHA256 + region scope) |
| Supported regions | Only older regions | All regions |
Region Support
SigV2 is only supported in regions launched before January 2014:
us-east-1,us-west-1,us-west-2eu-west-1ap-southeast-1,ap-southeast-2,ap-northeast-1sa-east-1
All newer regions (e.g., eu-central-1, ap-south-1, us-east-2) require Signature V4.
Migration to V4
If you encounter V2 pre-signed URLs, update your code to use V4 signing. All current AWS SDKs default to V4.
Use Case
Migrating a legacy application that generates Signature V2 pre-signed URLs to Signature V4 format to support newer AWS regions and improve security.