Looks like this is still an idea:
Publish all Salesforce IP Ranges available via a JSON endpoint
https://ideas.salesforce.com/s/idea/a0B8W00000GdZ2GUAV/publish-all-salesforce-ip-ranges-available-via-a-json-endpoint
AWS publishes its current IP address ranges in JSON format. With this information, you can identify traffic from AWS. You can also use this information to allow or deny traffic to or from some AWS services.
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html
Script-thrown exception" error on HTTP callouts to AWS as of Spring ’22
https://trailhead.salesforce.com/trailblazer-community/feed/0D54V00007epy6b
Endpoint needs to be in full URL form
Please export all the three AWS credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN) and paste it to terminal (please use https://docs.aws.amazon.com/keyspaces/latest/devguide/access.credentials.html to generate it)
403 error
ERROR: Status: Forbidden
Code : 403
Body : <ErrorResponse xmlns="http://queue.amazonaws.com/doc/2012-11-05/
">SenderSignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
I can confirm that recreating my access keys until I got one without special characters in it, worked. What a ridiculous bug, wow.
Seeing as this is such a long running issue, would it not be intelligent to update the error messaging to give users a link to a potential fix, like rebuilding your keys? Instead of something which makes out that the issue is far more complex than "yeah we error out when your keys have special chars in them, sorry!".
Got the same error today, currently using Windows 10. However, when I use the same access key on another laptop (mac), it works fine for me. Then I tried the access key within WSL, which is also fine. Not sure the reason, and there is no special character in the aws key.