Geek Answers Handbook

How to create a signature for an AWS import API request?

According to AWS Import API docs, the request is as follows:

POST / HTTP/1.1 content-type:application/x-www-form-urlencoded;charset=utf-8 host: https://importexport.amazonaws.com content-length:356 Operation=CreateJob&Manifest=manifestVersion%3A%202.0%0Abucket%3A%20myBucket %0AaccessKeyId%3A%2013Q2729HYRYMYRB3FK02%0AreturnAddress%3A%0A%20%20%20%20name%3A%20 Amazon.com%20ATTN%20Joe%20Random%20%0A%20%20%20%20street1%3A%201200%20AAAA%20Ave%20 S.%0A%20%20%20%20city%3A%20Seattle%0A%20%20%20%20stateOrProvince%3A%20WA%0A%20%20%20%20 postalCode%3A%2098114%0A%20%20%20%20phoneNumber%3A%20206-266-0000%0A%20%20%20%20 country%3A%20USA&JobType=Import&AWSAccessKeyId=1111729HYRYMYRB3FK02& SignatureVersion=2&SignatureMethod=%2FVfkltRBOoSUi1sWxRzN8rw%3D

As you can see, the last parameter in the body data is SignatureMethod. But it looks like a signature. I found two available values โ€‹โ€‹for SignatureMethod. These are HmacSHA1 and HmacSHA256.

I used the aws / s3 gem to generate a signature request string, and finally I got a request similar to the previous one, but with a slight change at the end.

 POST / HTTP/1.1 content-type:application/x-www-form-urlencoded;charset=utf-8 host: https://importexport.amazonaws.com content-length:356 Operation=CreateJob&Manifest=manifestVersion%3A%202.0%0Abucket%3A%20myBucket %0AaccessKeyId%3A%2013Q2729HYRYMYRB3FK02%0AreturnAddress%3A%0A%20%20%20%20name%3A%20 Amazon.com%20ATTN%20Joe%20Random%20%0A%20%20%20%20street1%3A%201200%20AAAA%20Ave%20 S.%0A%20%20%20%20city%3A%20Seattle%0A%20%20%20%20stateOrProvince%3A%20WA%0A%20%20%20%20 postalCode%3A%2098114%0A%20%20%20%20phoneNumber%3A%20206-266-0000%0A%20%20%20%20 country%3A%20USA&JobType=Import&AWSAccessKeyId=1111729HYRYMYRB3FK02& SignatureVersion=2&SignatureMethod=HmacSHA1&Expires=2010-09-16T00:50:54-07:00&Signature=%2FVfkltRBOoSUi1sWxRzN8rw%3D

But the answer is still forbidden. Forbidden.

 HTTP/1.1 403 Forbidden x-amzn-RequestId: c0cb004b-c15e-11df-ad6c-5731ef5a3d54 Content-MD5: HvqVlJqxxJ5B5A73W4nUCg== Content-Type: text/xml Content-Length: 439 Date: Thu, 16 Sep 2010 06:50:55 GMT <ErrorResponse xmlns="http://importexport.amazonaws.com/doc/2010-06-01/"> <Error> <Type>Sender</Type> <Code>SignatureDoesNotMatch</Code> <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message> </Error> <RequestId>c0cb004b-c15e-11df-ad6c-5731ef5a3d54</RequestId> </ErrorResponse>

You can find the code I used for testing here. http://gist.github.com/581726

Please tell me what is wrong and how to create a signature correctly.

+4
source share
1 answer

I'm not sure what this stone does, but the main signing works like this:

 aws_secret = 'foo' # aws provides this query_string = 'Operation=CreateJob&Manifest=...' # this is for your api call hmac = HMAC::SHA256.new(aws_secret) hmac.update(query_string) signature = Base64.encode64(hmac.digest).chomp

BTW : You must restore your credentials since you shared your passkey here.

+1
source

More articles:


All Articles