Expected behavior
Pulling images on docker private registry from AWS S3 using CloudFront.
Actual behavior
Pushing images works fine. When I tried to pull the same image, it gave me this error:
error pulling image configuration: error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>XXXXXX</RequestId><HostId>XXXXXXXX</HostId></Error>"
Additional Information
```
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 1.12.6
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 7
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host bridge overlay null
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options:
Kernel Version: 3.16.0-4-amd64
Operating System: Debian GNU/Linux 8 (jessie)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.963 GiB
Name: registry
ID: XX:XX:XX:XX:XX:XX
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
Insecure Registries:
127.0.0.0/8
```
I have this config.yml:
```
version: 0.1
log:
  level: debug
  fields:
    service: registry
storage:
  s3:
    accesskey: XXXXXXXXXXXXXXX
    secretkey: XXXXXXXXXXXXXXX
    region: XXXX
    bucket: XXXXXXXXXXX
    encrypt: true
    keyid: XXXXXXX-XXXXXX-XXXXXX-XXXXX
    v4auth: true
    secure: true
  cache:
    blobdescriptor: inmemory
middleware:
  storage:
    - name: cloudfront
      options:
        baseurl: XXXXXXXXXXX
        privatekey: /etc/docker/pk-XXXXXXXXXXXXXXX.pem
        keypairid: XXXXXXXXXXXXXXXXXXXX
        duration: 3000s
http:
  addr: 0.0.0.0:5000
```
I read the documentation from Docker: `https://docs.docker.com/registry/storage-drivers/s3/`
On the AWS side I applied the recommended settings from the docs.
On Google, I did not find anything that could help me.
Could you please tell me what I'm missing?
Thank you!