Forbidden: 403 error aws Device Shadow REST API - amazon-web-services

I use AWS IoT-core Device Shadow REST API I have created an IAM user role and give all access
this is my API key and header and endpoint
URL: {{endpoint-url}}/things/thingName/shadow
Method: GET
Header: header pass with AWS signature
accessKey: "accessKey"
secretKey: "secretKey"
execute-api working fine this is API response
[
{
"id": 1,
"type": "dog",
"price": 249.99
},
{
"id": 2,
"type": "cat",
"price": 124.99
},
{
"id": 3,
"type": "fish",
"price": 0.99
}
]
but my IoT-core Shadow REST API not working
I follow this docs https://docs.aws.amazon.com/iot/latest/developerguide/device-shadow-rest-api.html
attached screenshot: https://i.stack.imgur.com/luBMa.png

I had the same issue, and the solution was to set the Service Name field in Postman AWS Signature settings used to sign the AWS Signature V4 auth header to iotdevicegateway as per the docs here: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iot-data.html#IoTDataPlane.Client.get_thing_shadow

Related

WSo2 API Manager and Keyrock - issue with roles

I have deployed WSo2 API Manager 4.1.0 on a Debian 10 machine using the ZIP archive.
I have configured my Keyrock instance as an external identity provider in the Management Console.
When I log in with the Keyrock admin account, I can access the Publisher of the API Manager.
However, with any other account, I get the following error:
Error 403 : Forbidden - The server could not verify that you are authorized to access the requested resource.
After many verifications, I think I have correctly configured WSo2:
WSo2 API Manager configuration:
Basic Claim Configuration
Role Configuration (I also tried to give all roles to the user)
Federated Authenticators / OAuth2/OpenID Connect Configuration
Just-in-Time Provisioning
Keyrock configuration:
Application configuration
Users authorization
I have no log for WSo2 when the error is displayed.
Here is the content of the JWT token that Keyrock sends back to WSo2:
{
"organizations": [],
"displayName": "",
"roles": [
{
"id": "1a209432-7bfe-4055-9028-a42524fc5418",
"name": "publisher"
},
{
"id": "8192fef7-d77d-4389-a618-082ccddd33ad",
"name": "apim_publisher"
}
],
"app_id": "babab169-10ea-4283-a64a-7fba4aca6ce9",
"trusted_apps": [],
"isGravatarEnabled": false,
"id": "1a8f660f-d32f-46c1-a5f5-80a5cbffd219",
"authorization_decision": "",
"app_azf_domain": "",
"eidas_profile": {},
"attributes": {},
"shared_attributes": "",
"username": "pierre.josselin",
"email": "email#example.com",
"image": "",
"gravatar": "",
"extra": "",
"iss": "http://localhost:3000",
"sub": "1a8f660f-d32f-46c1-a5f5-80a5cbffd219",
"aud": "babab169-10ea-4283-a64a-7fba4aca6ce9",
"exp": 1657904225,
"iat": 1657900625,
"at_hash": "9zTg2zPtFlbJpLmKE8Izsg=="
}
Thank you very much

GCP API key is not valid in postman

I tried to create new dialogflow intent through postman. It is working in API Explorer but I can't able to connect dialogflow with postman. For doing this I have created some credentials,
New API key in GCP project
Oauth credentials in GCP project
Bearer token from google cloud SDK shell
Here I have used same API in postman but can't able to connect. How can I troubleshoot this?
{
"error": {
"code": 400,
"message": "API key not valid. Please pass a valid API key.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_INVALID",
"domain": "googleapis.com",
"metadata": {
"service": "dialogflow.googleapis.com"
}
}
]
}
}

Native way of view apigateway documentation in browser

I have an public AWS apigateway created providing a swagger file.
To document the API I have added to the swagger the following section:
"x-amazon-apigateway-documentation": {
"documentationParts": [
{
"location": {
"type": "API"
},
"properties": {
"description": "This is the API description"
}
},
{
"location": {
"type": "METHOD",
"method": "GET",
"path": "/foo/{bar}"
},
"properties": {
"description": "This is the method description"
}
}
]
}
Then I have published the documentation version 1.0 through AWS console.
Reached this point I want to give anyone the URL of my API documentation that ideally should be rendered in the browser in a nice way.
But, checking AWS docs regarding apigateway documentation I only find one way to access to it, that is using another AWS provided API:
http://apigateway.eu-central1.amazonaws.com/restapis/TheIdOfMyApiGateway/documentation/parts
Additionally, I should set some access keys in the request to retrieve it, making impossible for one agnostic user to simply view it in the browser setting no additional headers in the request.
Is there any way to achieve my aim?

List Documentation Parts AWS apigateway

Through Terraform I have created an AWS apigateway based on a swagger file.
I that swagger file I have added the specific AWS endpoints to document the API, like:
"x-amazon-apigateway-documentation": {
"documentationParts": [
{
"location": {
"type": "API"
},
"properties": {
"description": "This is the API description"
}
},
{
"location": {
"type": "METHOD",
"method": "GET",
"path": "/foo/{bar}"
},
"properties": {
"description": "This is the method description"
}
}
]
}
Then I have published the documentation version 1.0 through AWS console and I am trying to fetch that documentation via HTTP as stated in :
List Documentation Parts
But, unfortunately, I can't. I am doing a GET to the endpoint
http://apigateway.eu-central1.amazonaws.com/restapis/<TheIdOfMyApiGateway>/documentation/parts
And it doesn't even give me a 4XX code but neither response nor HTTP code at all.
What I am doing wrong?
My bad was a typo in the region.
I was missing a dash, the correct endpoint is:
http://apigateway.eu-central-1.amazonaws.com/restapis/<TheIdOfMyApiGateway>/documentation/parts
With eu-central-1 instead of eu-central1
I check the naming of the regions in AWS Regions

AWS API Gateway and EC2 Service Proxy

I am trying to POST a json string to API Gateway and in turn have API Gateway send the JSON to an EC2 server.
My issue is I can't find good documentation from Amazon on how to accomplish this.
When I test the setup I get this
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>InvalidHttpRequest</Code><Message>The HTTP request is invalid. Reason: Unable to parse request</Message></Error></Errors><RequestID>1fa47f52-d75c-4ff8-8992-3eac11a79015</RequestID></Response>"
Which means very little to me. I assume it is an issue with API Gateway trying to send the request to EC2 and it can't so it generates this error. So perhaps I am setting up the EC2 AWS Service Proxy in API Gateway incorrectly. Which is likely because I have no idea what I am supposed to set 'Action' to right now I have it pointing to the EC2 instance, only cause i don't see any other place to put that info.
This really shouldn't be that hard I have successfully done this thing connecting to Lambda and have looked through all the documentation and all I can find is this: http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-aws-proxy.html#getting-started-aws-proxy-add-resources
Which is less than helpful for this scenario. Any Ideas?
I think you confused AWS Service Proxy and HTTP Service proxy.
API Gateway can forward API calls to different type of backends:
- a lambda function
- an AWS Service (see http://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html for an example)
- an existing API, running on AWS or on premises (your use case)
When defining you API, be sure to define a POST verb and point the Endpoint URL to your EC2 instance URL
I just made a test using the JSON POST service available online at http://gurujsonrpc.appspot.com/ and it works as expected.
Here is the Swagger export of my test API.
{
"swagger": "2.0",
"info": {
"version": "2016-04-11T20:46:13Z",
"title": "test"
},
"host": "c22wfjg4d7.execute-api.eu-west-1.amazonaws.com",
"basePath": "/prod",
"schemes": [
"https"
],
"paths": {
"/": {
"post": {
"produces": [
"application/json"
],
"responses": {
"200": {
"description": "200 response",
"schema": {
"$ref": "#/definitions/Empty"
}
}
},
"x-amazon-apigateway-integration": {
"responses": {
"default": {
"statusCode": "200"
}
},
"uri": "http://gurujsonrpc.appspot.com/guru",
"httpMethod": "POST",
"type": "http"
}
}
}
},
"definitions": {
"Empty": {
"type": "object"
}
}
}