Interaction with the AWS API? - amazon-web-services

I've gotten the necessary access key/signature from my client and I can interact with the API through the Ruby SDK right now. Thing is, the Ruby SDK doesn't have any kind of high-level API methods to request a spot instance. So, I need to do this manually via raw REST API requests.
Basically, the authentication information that I am using is correct (as it works via the Ruby SDK), but I can't get raw requests to work... I either get back the spot request wizard webpage as the response, or an error: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
Here's the URL I'm using:
https://ec2.amazonaws.com/?Action=RequestSpotInstances
&SpotPrice.1=0.05
&AvailabilityZoneGroup.1=us-east-1c
&LaunchSpecification.ImageId.1=THE_AMI_ID
&LaunchSpecification.KeyName.1=THE_KEYPAIR
&LaunchSpecification.InstanceType.1=m1.medium
&AWSAccessKeyId=THE_ACCESS_KEY
&Signature=THE_ACCESS_SIGNATURE
&Version=>2013-10-01
&Expires=>THE_EXPIRATION_TIME_36000_SECONDS_LATER_THAN_NOW
&SignatureVersion=2
&SignatureMethod=HmacSHA256
Any ideas on why this won't work? I've tried exploring the Ruby SDK code to see how they are doing it, but it's so complex, I can't figure out where this action actually takes place. Thanks!

How do you calculate signature? First at all check that you use correct signing process version. AWS api actually supports versions v2 and v4. Some aws resources supports both versions, some just v2 or v4. Base on this I would recommend to do following:
Check what version of the signing did you implement. More on versions:
http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
Check is your implementation match with algorithm described here: http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html

Related

How to call Control-M API's using Postman?

I have been trying to use the Control-M API documentation provided by BMC, and I am unable successfully invoke an API call to it.
When tried to first provide the login credentials using /login resource to get the apiKey which I could use for further resource calls, I get a variety of Error Responses. i.e. 405 method not allowed while using POST, and 404 Page not found while using GET. At this point I am not sure if there is some problem with Control-M API version(9.20.105), or am I using the correct endpoint (CTRLM URL)?
is is not possible via postman?
Note: I am not sure if I am allowed to paste my clients URL here.
I would be really helpful if someone could illustrate a live Control-M API call which is publicly available to test.
If you have an installation of Control-M with automation API you can use its swagger as reference.
Given a Control-M installed on a host named myControlM you should be able to browse to:
https://myControlM:8443/automation-api

AWS API Gateway Authentication with OneLogin

I've been exploring OneLogin and I think I have a basic understanding of how to use it; I was successful at configuring the Node+Passport sample application to authenticate with OneLogin and I understand the code.
I want to try it with AWS API Gateway. I've got an API already defined in AWS. On a high level I know I need to configure an Authorizer in AWS for OneLogin and that there is going to be some bit of information that I will need to pass in a header when I make my calls to the AWS Api Gateway (I assume a Bearer token that I get from authenticating with OneLogin before I interact with AWS, but I don't know).
Can someone give me a description of what I need to do? The most recent question that I see here on the topic was posted in 2016 back when the answer was "You can't do that." That answer has changed in the past 4 years. The OneLogin documentation says it can be done, but I have found not information on how to do it.
GENERAL PATTERN
The role of an authorizer function is to perform the following actions:
Validate access token
Optionally collect additional claims
Cache the claims for subsequent requests with the same token
Provide claims to business logic
In fact this is a general pattern that can be used anywhere, as referenced in my blog post.
TOKEN VALIDATION
I would use the One Login Introspection Endpoint.
Some NodeJS code of mine that calls an introspection endpoint is here.
AWS SPECIFICS
Since you are using OneLogin you will need to write some custom code. Your lambda authorizer will need to do standard OAuth 2.0 work, then return an AWS policy document. Some resources of mine may help you to understand how this works:
Lambda Authorizer Blog Post
Associated NodeJS Code
PAIN POINTS
The AWS plumbing is a bit painful, and it is possible you are using some different technology choices to me - I am using the Serverless Framework.
Hopefully though, this gives you something to run locally and compare against. Happy to answer any follow up questions ...

google api key gets 401

I am trying to call some endpoints on google cloud build but I just get 401 and I am wondering how to fix this? In the end, I want to curl but if the website is not working, there is truly something wrong! Here is the picture
Only a group of API services/products on Google Cloud Platform support API keys without more authentication methods (OAuth). You can find these specific services here. In the same page that you posted, if you go down on the documentation there should be a "Authorization Scopes" section listing the required OAuth scopes that the API requires, if so, it means OAuth is needed in order to use the service.
I look at the Cloud Build Rest Api Doc and indeed I can see OAuth is required, in addition to not being listed here. You need to implement OAuth for this specific Service (Cloud Build API).

Generating AWS signature in Groovy for soapUI

I am new to groovy scripting and I have to test AWS Rest API for which Authorization (consist of access_key and signature) is required. Request if anyone have working code available. It is PUT call on AWS S3.
I have tried searching and unable to find the same.
If you can afford it, the latest versions of soapUI Pro have AWS signing built it.
Otherwise, you'll have to write your own following the steps at Examples: Signature Calculations in AWS Signature Version 4. There's an example at Signature4 signing for elastic search in aws in Java, but it's easy enough to call from Groovy.

How to use AWS SDK for request signing

I'm trying to invoke an api request (service: execute-api) and a Signature v4 is required. I've been going through the documentation and I see clearly this:
Alternatively, you can use the AWS CLI or one of the AWS SDKs to
handle request signing for you.
I don't own the API and originally just thought I could use CURL but obviously IAM is configured. I'm wondering what the best way of making this request signed is?
Note:
Looks like there is an AWS4Signer class that may be what I'm looking for to generate the signature non-manually
I'm sorry, but from your question it's not clear whether you're just experimenting with the API or if you want to write a client that calls it (as in production code).
If you're just testing, you can use Postman to call the API (it supports SigV4). Details here.
If you are writing a client, the way to go is generating the SDK from API gateway, as noted in the comments. Should that not be possible, the next best option is to use one of the language-specific SDK signers to generate the SigV4 signature. AWS4Signer, like you said, is the way to go. It should be straightforward to integrate with it, but if you can share more details of your specific use case (platform, language, where do you get the AWS credentials from, etc), people can give you a better answer.
Last, if you want to generate the signature yourself, here's how the canonical generation of signatures work.