API Gateway export API definition with Postman - amazon-web-services

I was checking out a couple methods from amazon-api-gateway-developer-guide and I stumbled with api-gateway-export-api. I managed to get the AWSCLI command
aws apigateway get-export --parameters extensions='apigateway' --rest-api-id abcdefg123 --stage-name dev --export-type swagger latestswagger2.json --profile profile --region us-east-1
working by adding the --profile and --region parameters, but for whatever reason I can't get the Request URL to return the API definition response.
I am trying to do the following couple things (Postman):
GET request with the URL: https://apigateway.us-east-1.amazonaws.com/restapis/abcdefg123/stages/dev/exports/oas30
Add authorization type AWS-Signature to the request with all the parameters filled (AccessKey, SecretKey, AWS Region, Service Name and Session Token)
The Authorization, X-Amz-Date and X-Amz-Security-Token headers are generated successfully, as far as I can tell
I am also sending the headers Host (apigateway.us-east-1.amazonaws.com) and Accept (application/yaml)
This results in the following error:
{"logref":"2734hu2r2873","message":"User: arn:aws:sts::7216832187:assumed-role/DEVELOPER/xxxx is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:us-east-1::/restapis/abcdefg123 /stages/dev/exports/oas30"}
I was actually getting the same error with the AWSCLI command before I added the --profile and --region parameters. I already checked out a couple posts about issues like mine, this one is an example export swagger api definition from api gateway via http request?, but I am doing basically the same thing (sending the same headers, same host and URL) and getting this error. I don't think my access key, secret key, token or any of that information might be wrong... because it's the credentials I use for the AWSCLI command.
Thank you for taking the time to read and/or reply to my post, I really appreciate any feedback on anything.

The point of trying to get this request to work is that I wanted to add it as an HTTP proxy to an API, unfortunately I couldn't get it to work.
My problem was that I have a couple profiles in my session and each one of them has different permissions, I found no way to specify the profile I wanted to use in the request and thus it caused the error mentioned above.
In the end I opted to write a Lambda function with proxy integration and everything went fine, after giving the lambda profile the apigateway:GET permission.
If I have a misconception about anything I wrote about or I am using a term in an incorrect way please correct me, I am still fairly new to AWS and have a lot to learn!

Related

How to add headers in existing AWS API gateway integration request

I have created a Integration Request, I am trying to add headers to that request using AWS cloudshell:
aws apigateway update-integration --rest-api-id abcdefgh --resource-id abcdefghj --http-method POST --request-parameters {"integration.request.header.X-mobile":"context.authorizer.mobile"}
But it is not working. I have tried PUT integration as well; it was giving the below error:
An error occurred (BadRequestException) when calling the PutIntegration operation: Enumeration value for HttpMethod must be non-empty
Try adding these command options:
--integration-type eg. AWS_PROXY
--integration-method eg. POST
--integration-uri eg. arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaForSimpleProxy.Arn}/invocations
Here you will find example values: Lambda Proxy
I had a similar issue in CloudFormation; when you are using an integration, some options are conditional: AWS::ApiGateway::Method Integration
Unfortunately the AWS CLI docs don't mention this.
Adding
--integration-http-method POST
solved it for me when doing this with AWS CLI.
As per the documentation:
For Lambda integrations, you must use the HTTP method of POST for the integration request, according to the specification of the Lambda service action for function invocations.

“Lambda function ARN must be in same account” while `aws apigateway put-integration`

I am trying to follow this otherwise excellent post to deploy a Java-based AWS lambda app. I'm scripting it out as instructed in that post. I receive the following error when calling aws apigateway put-integration:
An error occurred (BadRequestException) when calling the PutIntegration operation: Lambda function ARN must be in same account
I'm trying to script the creation of an API gateway to a lambda function. Here's the full deploy.sh script. I have on my local machine the requisite AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_ACCOUNT_ID environment variables.
I don't know enough to understand what that error is telling me. AFAIK, the access secret and id and account ID are all from the same IAM user.
My AWS CLI Script
aws apigateway put-integration --region ap-south-1 --rest-api-id xxttj6inea --resource-id bgncc0 --http-method GET --type AWS --integration-http-method POST --uri arn:aws:apigateway:ap-south-1:lambda:path/2019-09-20/functions/arn:arn:aws:lambda:ap-south-1:***********:function:Hello/invocations
Thank you very much in advance for any ideas/help.
This error can happen because of two reasons:
Your AWS CLI settings are incorrect. I'll implore you to check the AWS CLI configuration file, and run test API calls for the same to verify if everything is set up appropriately.
Your Lambda function belongs in one account, and your REST API in API GW belongs in another account.
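A pre-flight check for the --uri value, added here as an example and not taken from the posts above. It compares the URI with the format shown in the --integration-uri example earlier on this page and with the caller's account ID (available, for instance, from aws sts get-caller-identity); the account IDs are constructed and only the standard aws partition is assumed.

```python
import re

# Format from the --integration-uri example on this page:
# arn:aws:apigateway:<region>:lambda:path/2015-03-31/functions/<function ARN>/invocations
URI_RE = re.compile(
    r"^arn:aws:apigateway:(?P<region>[a-z0-9-]+):lambda:"
    r"path/(?P<version>[^/]+)/functions/(?P<fn_arn>.+)/invocations$")
# Assumption: standard "aws" partition, optional :alias or :version suffix.
FN_ARN_RE = re.compile(
    r"^arn:aws:lambda:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):"
    r"function:(?P<name>[A-Za-z0-9_-]+)(?::[A-Za-z0-9_$-]+)?$")
LAMBDA_API_VERSION = "2015-03-31"


def check_integration_uri(uri: str, caller_account: str) -> list:
    """Return a list of problems; an empty list means the URI is consistent."""
    m = URI_RE.match(uri)
    if not m:
        return ["URI is not of the form arn:aws:apigateway:<region>:lambda:"
                "path/<version>/functions/<function ARN>/invocations"]
    problems = []
    if m["version"] != LAMBDA_API_VERSION:
        problems.append(f"path version is {m['version']}, expected {LAMBDA_API_VERSION}")
    fn = FN_ARN_RE.match(m["fn_arn"])
    if not fn:
        problems.append(f"embedded function ARN is malformed: {m['fn_arn']}")
        return problems
    if fn["account"] != caller_account:
        problems.append(f"function is in account {fn['account']}, "
                        f"credentials belong to {caller_account}")
    if fn["region"] != m["region"]:
        problems.append(f"URI region {m['region']} differs from "
                        f"function region {fn['region']}")
    return problems


# Constructed inputs; 123456789012 stands in for the caller's account ID.
PREFIX = "arn:aws:apigateway:ap-south-1:lambda:path/"
GOOD = PREFIX + "2015-03-31/functions/arn:aws:lambda:ap-south-1:123456789012:function:Hello/invocations"
DOUBLED = PREFIX + "2019-09-20/functions/arn:arn:aws:lambda:ap-south-1:123456789012:function:Hello/invocations"
OTHER = PREFIX + "2015-03-31/functions/arn:aws:lambda:ap-south-1:999999999999:function:Hello/invocations"

if __name__ == "__main__":
    for uri in (GOOD, DOUBLED, OTHER):
        print(check_integration_uri(uri, "123456789012") or "ok")
```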

HTTP POST to AWS IoT

I want to connect a HTTP device to IoT core.
I have tried this with the curl command and all goes well.
Now I want to try to use POST with signature version 4.
I'm using Postman to send a POST request, but I got this output:
"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.",
In authorization fields I have chosen "AWS Signature" and I have completed all of them: access and secret key, aws region and service name=iotdata
I want to get the same results as when I use the curl command:
curl --tlsv1.2 --cacert YY.pem --cert XX.pem.crt --key ZZ.pem.key -X POST -d "{ \"Trama\": \"message\"}" "https://PPPPPP.iot.eu-west-1.amazonaws.com:8443/topics/topicname?qos=1"
The problem here is that both of your commands are a little different, because of the various ways you can send data to AWS IoT.
In the curl command you're actually using the X.509 certificate approach (you can see here for further information: https://docs.aws.amazon.com/iot/latest/developerguide/managing-device-certs.html). This doesn't need the payload to be signed, it's already trusted because the certificate is.
This approach is mostly unique to AWS IoT, because the aim is that the data comes from lots of devices, and you wouldn't want to give them all an IAM Role. In fact, a certificate is the recommended way to send data from a device.
You can use these certificates with Postman if you want, by adding them to the request under certificates tab (you only need the .crt and .key files). See https://www.getpostman.com/docs/v6/postman/sending_api_requests/certificates for more detailed instructions.
You still can use AWS v4 signatures (https://docs.aws.amazon.com/iot/latest/developerguide/iam-users-groups-roles.html) so the suggestion is that you're not forming the request properly.
Looking at this documentation (https://docs.aws.amazon.com/iot/latest/apireference/API_iotdata_Publish.html) you should be using:
Method: POST
Uri: <AWS IoT Endpoint>/<url_encoded_topic_name>?qos=1 (e.g. https://a1pn10j0v8htvw.iot.us-east-1.amazonaws.com:8443/topics/iotbutton/virtualButton?qos=1)
Authorisation Type: AWS Signature
AccessKey / SecretKey: As per your credentials
AWS Region: Region your AWS IoT instance is in
Service Name: iotdata
Session Token: Leave blank

Amazon AWS 403 InvalidAccesskey Error when I run the Amazon S3 Sample

I'm trying to just test out AWS s3 with eclipse using Java, I'm just trying to execute the Amazon s3 sample, but it doesn't recognise my credentials, and I'm sure my credentials are legitimate, it gives me the following error:
===========================================
Getting Started with Amazon S3
===========================================
Listing buckets
Caught an AmazonServiceException, which means your request made it to Amazon S3, but was rejected with an error response for some reason.
Error Message: Status Code: 403, AWS Service: Amazon S3, AWS Request ID: 057D91D336C1FASC, AWS Error Code: InvalidAccessKeyId, AWS Error Message: The AWS Access Key Id you provided does not exist in our records.
HTTP Status Code: 403
AWS Error Code: InvalidAccessKeyId
Error Type: Client
Request ID: 057D91D336C1FASC
A little update here:
So there's a credential file that AWS creates on the computer. In my case it was '/Users/macbookpro/.aws/credentials'.
The file in this place decides the default accessKeyId and stuff. Go ahead and update it.
So I ran into the same issue, but I think I figured it out.
I was using Node.js, but I think the problem should be the same, since the issue was how they have structured their object.
In JavaScript, if you run this in the backend,
var aws = require('aws-sdk');
aws.config.accessKeyId= "Key bablbalab"
console.log(aws.config.accessKeyId)
you will find it prints out something different, because the correct way of setting the accessKeyId isn't what they have provided in the official website tutorial:
aws.config.accessKeyId="balbalb"
or
aws.config.loadFromPath = ('./awsConfig.json')
or any of that.
If you log the entire "aws.config", you will find the correct way is
console.log(aws.config)
console.log(aws.config.credentials.secretAccessKey)
aws.config.credentials.secretAccessKey="Key balbalab"
You see the structure of the object? There's the inconsistency.