AWS s3 - node sdk : Get Signed URL for an object in an encrypted bucket

I am using the AWS s3 node-sdk to put an object in a KMS encrypted bucket. I want to get the signedURL for the object, so I could use it to offer the file as a browser download. Currently, Im doing the following:

const url = s3.getSignedUrl('getObject', {
                    Bucket: bucketName,
                    Key: fileName,
                    Expires: signedUrlExpireSeconds
                })

I get a url as the response. Using the URL, I get the following error in the browser

<Error>
<Code>InvalidArgument</Code>
<Message>
Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
</Message>
<ArgumentName>Authorization</ArgumentName>
<ArgumentValue>null</ArgumentValue>
<RequestId>XXXXXXXXXXXXXXX</RequestId>
<HostId>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
</HostId>
</Error>

I've been looking for documentation to use the AWS signature version 4, but found no leads. How can I get the signedURL for this encrypted object using the node sdk?


This is a bug in the sdk. You need to explicitly tell it to use v4.

const s3 = new AWS.S3({maxRetries: 10, signatureVersion: "v4"});