使用AWS ApiGateway签名的URL
[英]Signed URL with AWS ApiGateway
问题描述
I'm using AWS signV4 to sign requests for calling AWS API Gateway. 
我正在使用AWS signV4签署调用AWS API Gateway的请求。 Using Requests with headers are not suited for my use case hence the initiative to work with signed urls and query strings. 使用带有标头的请求不适合我的用例,因此主动使用已签名的URL和查询字符串。
I had used AWS Sample Python sample that works great for IAM user creation. 我曾使用AWS Sample Python示例,该示例适用于IAM用户创建。
the same Access Key and Secret are used in both cases (IAM Creation , API Gateway call) so its definitely not an issue of wrong access key / secret. 在两种情况下都使用相同的访问密钥和密钥(IAM创建,API网关调用),因此它绝对不是错误访问密钥/密钥的问题。
The main issue i see is that the signature i get is different than the one the API Gateway thinks i should send. 我看到的主要问题是我获得的签名与API Gateway认为我应该发送的签名不同。
I've added all the documented query string but still get the below error. 我添加了所有记录的查询字符串但仍然得到以下错误。
What am i missing here? 我在这里失踪了什么?
Here is the request URL: 这是请求网址:
https://*******.execute-api.us-east-1.amazonaws.com/******?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=**********%2F20170424%2Fus-east-1%2Fexecute-api%2Faws4_request&X-Amz-Date=20170424T124521Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host&X-Amz-Signature=**********821742cee7661ef3a0ab1e5c
While using it with the execute-api service i had received the following error : 在将它与execute-api服务一起使用时,我收到了以下错误:
{
"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'GET\n/*******\nX-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=*********%2F20170424%2Fus-east-1%2Fexecute-api%2Faws4_request&X-Amz-Date=20170424T124521Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host\nhost:*******.execute-api.us-east-1.amazonaws.com\n\nhost\n*********'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20170424T124521Z\n20170424/us-east-1/execute-api/aws4_request\n**********'\n"
}
I've Checked also the java implementation using the samples from : AWS Signer Java but the results were the same. 我还使用以下示例检查了java实现: AWS Signer Java但结果是相同的。
1 个解决方案
解决方案1
0 已采纳 2017-04-24 17:20:26
SigV4 signing and this error message isn't anything specific to API Gateway itself. SigV4签名和此错误消息不是API网关本身的任何特定内容。 The signing algorithm and the verification at the AWS end is common for all AWS services. AWS端的签名算法和验证对于所有AWS服务都是通用的。
Can you compare the canonical string that is in the error message and the one that you are generating while sending the request? 您可以比较错误消息中的规范字符串和发送请求时生成的字符串吗? That should help you identify the issue. 这应该可以帮助您确定问题。
Also, go through the step-by-step explanation to see if you are doing everything right. 另外,请逐步解释一下,看看你是否做得对。 One of the common issues is case-sensitivity of header names and the sorting order of parameters. 常见问题之一是标题名称的区分大小写和参数的排序顺序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.