Aws::S3::Errors:: fix with Travis-CI, Docker and AWS [June 2020 Update]

Intro

Docker! DOCKER! Docker!

Over the last 6 months of consistent coding, I’ve realized each new phase introduces its own exciting concept. Recently, it was Docker — and this article walks you through a very specific issue I faced while working with Travis CI, Docker, and AWS.

I’ve been taking the Udemy course Docker and Kubernetes: The Complete Guide by Stephen Grider (a brilliant instructor). While progressing through the course and a fantastic article by William Okafor, I hit a snag during deployment — specifically in Step 8 of William's guide.

This post is not an introduction to Docker, but a helpful update to William’s excellent tutorial:

William Okafor’s Original Guide

Issue in Step 8

William's Step 8 suggests updating your .travis.yml to deploy your code using the following format:

# .travis.yml (deprecated approach) deploy: provider: s3 access_key_id: "$AWS_ACCESS_KEY" secret_access_key: "$AWS_SECRET_KEY" # ❌ BREAKING bucket: "my-app-bucket" skip_cleanup: true region: "us-east-1" local_dir: build

The error lies in the line:secret_access_key: "$AWS_SECRET_KEY"which Travis now flags.

Error Encountered

Using the syntax above, you might encounter an error like:

Aws::S3::Errors::AccessDenied: Access Denied The request signature we calculated does not match the signature you provided.

Explanation

Travis CI introduced changes that no longer allow plain-text assignments to secret_access_key in this way. Previously, failed decryption would silently fallback, but now it's explicitly blocked for security.

✅ The Fix

You need to use encrypted environment variables instead. Here's the updated version:

# .travis.yml (fixed version) deploy: provider: s3 access_key_id: "$AWS_ACCESS_KEY" secret_access_key: secure: "$ENCRYPTED_AWS_SECRET_KEY" # ✅ FIXED bucket: "my-app-bucket" skip_cleanup: true region: "us-east-1" local_dir: build

This ensures secrets are not stored in plain text and adhere to Travis CI’s latest security requirements.

Conclusion

I hope this quick update saved you some debugging time. Remember to always check official CI/CD docs for recent changes — especially when working with sensitive credentials like AWS keys.

And shout out again to William Okafor for his awesome guide. This article simply builds upon and modernizes his instructions.