Versions

• Grafana: v12.x (server mode)
• Infinity datasource: 3.4.0 / 3.4.1 (regression from 3.3.0)
• Backend fetch: enabled
• Auth: AWS (access key/secret), Region eu-west-1, Service s3

Steps to Reproduce

1. Create Infinity datasource with Authentication = AWS, valid keys, region eu-west-1, service s3.
2. Create a panel:
   • Parser: Backend
   • Source: URL
   • Method: GET
   • URL: any valid S3 object
3. Run query.

Expected

HTTP 200 with the object content (same config works in 3.3.0).

Actual

Panel errors with:

error while performing the infinity query. unsuccessful HTTP response code
status code : 400 Bad Request

Server logs show Infinity using AWS auth and hitting S3, then returning 400.

Regression Window

• Works: 3.3.0
• Breaks: 3.4.0, 3.4.1

Suspected Change

First appears after commit 130999e – “Update for new sigv4 middleware (#1277)” which migrates to the new AWS signing middleware / aws-sdk-go-v2 and bumps grafana-aws-sdk to v1.0.2.

Possible Cause

• The new SigV4 signing path no longer uses the old awsds.ReadAuthSettings(...) + legacy sigv4 middleware.
• Session token (x-amz-security-token) may not be forwarded when using temporary AWS credentials.
• S3-specific signing behavior (e.g., x-amz-content-sha256: UNSIGNED-PAYLOAD for GETs) may differ from the old implementation.
• These changes can cause S3 to reject an otherwise valid request at the signature verification step with a generic 400 Bad Request.

Workarounds

• Use Auth=None with presigned URLs → works.
• Pin plugin to 3.3.0 → works.