Hi, I'm trying to build a tool similar to the S3 explorer, but with the capability of restoring objects from Glacier/Deep Glacier via the POST /ObjectName?restore AWS API command. I set up an API resource with AWS V4 auth, but I think because that auth option enforces a URL scheme of region.amazonaws.com, and the S3 REST endpoints are s3.amazonaws.com, I am running into an error on query execution: "Error: Hostname/IP doesn't match certificate's altnames". One solution might be to just add "s3" to the list of regions in the AWS v4 auth options? From the AWS docs (RestoreObject - Amazon Simple Storage Service) I need to send something like this:
POST /ObjectName?restore HTTP/1.1 Host: BucketName.s3.amazonaws.com Date: date Authorization: authorization string (see Authenticating Requests (AWS Signature Version 4)) Content-MD5: MD5
I think because that auth option enforces a URL scheme of region.amazonaws.com
ahh yeah i think you’re right, for aws4 we do expect the hostname to look like either region.amazonaws.com or service.region.amazonaws.com. ooc, what made you think that we enforce this url scheme? was there an error message you saw that said something like that?
i can prolly get you a fix for this either today or tomorrow, i’ll keep you updated!
Wow, thank you for your fast response (even on a weekend-- almost too much to ask). In response to your question-- yes there was on error message in the bottom pane of the app builder that clued me in.
haha no worries! always happy to help 
ahhh got it, yeah i know what error you’re talking about
alright, the fix is going out on our next deploy (in about ~9 hours or so)
Great. I can send GET queries to the s3 endpoints now, but am having trouble with POST requests (e.g., POST object-restore). With POST requests, I get a 403/forbidden error with “The request signature we calculated does not match the signature you provided. Check your key and signing method.”
I am not sure exactly what is going on, as I don’t know exactly what Retool is doing to manage the AWS authorization. One hypothesis is that the Content-MD5 header is not being calculated (required for POST requests, see https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOSTrestore.html) and/or is not being included in the authorization.
I really appreciate your help! Let me know if I can grant you access to my test app or help in any way.
ah oops! my bad i didn’t test out a POST
will take a look at this today
hmm so i spent some time on this today, but unfortunately didn’t get anywhere yet 
still haven’t finished debugging it. these signature errors are hard haha
Just posted a comment on the gist-- i think you need signQuery=true
omg you’re a genius!!
thanks for helping me debug it! i’ll put up a fix tonight, and it’ll go out in our next deploy