feature: LocalStack doesn't verify signatures in authorization header #11409

@mtheos


Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

S3 endpoints don't validate the request signature when provided in the Authorization header instead of as query params.

The S3PreSignedURLRequestHandler determines if a request is signed only by looking for the presence of known presigned URL query string parameters.

The AWS S3 clients use the authorization header to sign requests (see Authorization methods). In this case, LocalStack doesn't detect the request as signed and doesn't verify the signature.

Expected Behavior

Requests with a signature in the authorization header are detected and verified.

How are you starting LocalStack?

With a docker run command

Steps To Reproduce

How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)

docker build -t localstack:foo . && docker run --rm -it -e DEBUG=1 -e S3_SKIP_SIGNATURE_VALIDATION=0 -p 4566:4566 -p 4571:4571 localstack:foo

Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)

awslocal s3 cp s3://my-bucket/my-key bar

If you add logging to services.s3.utils.is_presigned_url_request, you'll see that the request is reported as unsigned, but there is a signature in the authorization header.

Environment

- OS: OSX aarch64
- LocalStack:
  LocalStack version: 3.6.1.dev
  LocalStack Docker image sha: sha256:2d1fa00cf26d69efe9d0036dc7dde6c2cdff63f542cb1303898a5d6c733f8d66
  LocalStack build date: 2024-08-23
  LocalStack build git hash: f72da1e

Anything else?

No response
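
The behaviour the issue asks for, as an added Python sketch (not LocalStack code and not written by the issue author): classify a request as header-signed or query-signed, then recompute the SigV4 signature carried in the Authorization header. All function names, the `test` access key, the secret and the sample request are constructed; header names are assumed lower-cased and the path already URI-encoded.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, quote

def signing_method(headers, query):
    """Return 'header', 'query' or None; a query-only check misses the first case."""
    if headers.get("authorization", "").startswith(("AWS4-HMAC-SHA256 ", "AWS ")):
        return "header"  # SigV4 or SigV2 carried in the Authorization header
    names = {k for k, _ in parse_qsl(query, keep_blank_values=True)}
    return "query" if names & {"X-Amz-Signature", "Signature"} else None

def sigv4_header_signature(secret, method, path, query, headers):
    """Recompute the SigV4 signature; returns (expected, claimed) as hex strings."""
    fields = dict(f.strip().split("=", 1)
                  for f in headers["authorization"].split(" ", 1)[1].split(","))
    _, date, region, service, _ = fields["Credential"].split("/")
    signed = fields["SignedHeaders"]
    enc = lambda s: quote(s, safe="-_.~")
    canon_query = "&".join(f"{k}={v}" for k, v in sorted(
        (enc(k), enc(v)) for k, v in parse_qsl(query, keep_blank_values=True)))
    canon_headers = "".join(f"{h}:{' '.join(headers[h].split())}\n" for h in signed.split(";"))
    canonical = "\n".join([method, path, canon_query, canon_headers, signed,
                           headers["x-amz-content-sha256"]])
    scope = f"{date}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", headers["x-amz-date"], scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in scope.split("/"):  # date, region, service, "aws4_request"
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest(), fields["Signature"]

def verify(secret, method, path, query, headers):
    """True only if a SigV4 Authorization header is present and its signature matches."""
    try:
        if not headers["authorization"].startswith("AWS4-HMAC-SHA256 "):
            return False
        expected, claimed = sigv4_header_signature(secret, method, path, query, headers)
    except (KeyError, ValueError):
        return False  # missing or malformed header fields are treated as invalid
    return hmac.compare_digest(expected.encode(), claimed.encode())

def constructed_request(secret, path):  # constructed sample: a header-signed GET
    prefix = ("AWS4-HMAC-SHA256 Credential=test/20240823/us-east-1/s3/aws4_request, "
              "SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=")
    headers = {"host": "localhost:4566", "x-amz-date": "20240823T000000Z",
               "x-amz-content-sha256": hashlib.sha256(b"").hexdigest(),
               "authorization": prefix + "0"}
    headers["authorization"] = prefix + sigv4_header_signature(secret, "GET", path, "", headers)[0]
    return headers
```

A production verifier would also check the `x-amz-date` timestamp against clock skew and look up the secret by the access key in `Credential`, which this sketch leaves out.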

Labels

- area: asf
- aws:s3 (Amazon Simple Storage Service)
- status: backlog (Triaged but not yet being worked on)
- status: resolved/stale (Closed due to staleness)
- type: feature (New feature, or improvement to an existing feature)
