api - 我是 API 新手,我正在尝试使用 Shell 脚本中的 curl 发布 AWS API Gateway 请求
问题描述
我是 API 新手,我正在尝试使用 Shell 脚本中的 curl 发布 AWS API Gateway 的请求。
没有 IAM_AUTH 脚本很好,但是当我尝试使用 AWS Signature V4 连接时,它失败并出现错误“x-amzn-errortype: InvalidSignatureException”。我创建了一个 shell 脚本来在 curl 中创建授权标头。
#!/bin/bash -x
AWS_ACCESS_KEY_ID=ID
AWS_SECRET_ACCESS_KEY=KEY
method=POST
service=execute-api
host=execute-api.ca-central-1.amazonaws.com
region=ca-central-1
endpoint=https://${host}/
contentType=application/json
amazonTarget=""
amazonDate="$(date --utc +'%Y%m%dT%H%M%SZ')"
dateStamp="$(date --utc +'%Y%m%d')"
key="${AWS_SECRET_ACCESS_KEY}"
hex=`echo -ne "AWS4${key}" | hexdump | sed -e 's/^[0-9a-f]*//' -e 's/ //g' | tr -d '\n'`
dateStamp1="${dateStamp}"
regionName="${region}"
serviceName="${service}"
kDate1=`echo -ne "${dateStamp1}" | openssl dgst -sha256 -mac hmac -macopt "hexkey:$hex"`
kDate=${kDate1#*= }
echo $kDate
kRegion1=`echo -ne "${regionName}" | openssl dgst -sha256 -mac hmac -macopt "hexkey:$kDate"`
kRegion=${kRegion1#*= }
echo $kRegion
kService1=`echo -ne "${serviceName}" | openssl dgst -sha256 -mac hmac -macopt "hexkey:$kRegion"`
kService=${kService1#*= }
kSigning1=`echo -ne "aws4_request" | openssl dgst -sha256 -mac hmac -macopt "hexkey:$kService"`
kSigning=${kSigning1#*= }
getSignatureKey="${kSigning}"
# --- TASK 1: create canonical request ---
canonicalUri="<AWS_API_ID>.execute-api.ca-central-1.amazonaws.com/prod"
canonicalQueryString=""
canonicalHeaders="content-type:${contentType}\nhost:${host}\nx-amz-date:${amazonDate}\nx-amz-target:${amazonTarget}\n"
signedHeaders="content-type;host;x-amz-date;x-amz-target"
#payloadHash="$(sha256 "${requestParameters}")"
canonicalRequest="${method}\n${canonicalUri}\n${canonicalQueryString}\n${canonicalHeaders}\n${signedHeaders}\n${payloadHash}"
sha2561=`echo -ne "$canonicalRequest" | openssl dgst -sha256 -hex`
sha256=${sha2561#*= }
# --- TASK 2: create the string to sign ---
algorithm="AWS4-HMAC-SHA256"
credentialScope="${dateStamp}/${region}/${service}/aws4_request"
stringToSign="${algorithm}\n${amazonDate}\n${credentialScope}\n${sha256}"
# --- TASK 3: calculate the signature ---
signingKey="$getSignatureKey "${AWS_SECRET_ACCESS_KEY}" "${dateStamp}" "${region}" "${service}""
signature=`echo -ne "${stringToSign}" | openssl dgst -sha256 -hmac -hex -macopt "hexkey:$signingKey" -out /tmp/test.txt /bin/ps`
signature=`cat /tmp/test.txt`
signature=${signature#*= }
# --- TASK 4: add signing information to the request ---
authorizationHeader="${algorithm} Credential=${AWS_ACCESS_KEY_ID}/${credentialScope},
SignedHeaders=${signedHeaders}, Signature=${signature}"
# --- SEND REQUEST ---
CURL="curl --location --request POST 'https://<AWS_API_ID>.execute-api.ca-central-1.amazonaws.com/prod/ingest' --header 'X-Amz-Date:$amazonDate' --header "Authorization:$authorizationHeader' --data 'Hello, from your terminal!'"
--data 'Hello, from your terminal!'"
`$CURL`
解决方案
推荐阅读
- ios - 即使我按顺序删除,部分中的行数也无效
- vba - 将公共文件夹添加到我的收藏夹
- php - 当客户端在短时间内发送多个 POST 请求时,GoDaddy 服务器关闭连接
- python-3.x - C 扩展 - 如何将 printf 重定向到 python 记录器?
- amazon-web-services - 如何在 django 中使用多个存储桶?
- algorithmic-trading - 如何从图表对象列表中的指标中公开隐藏的箭头对象
- scala - Scala MurmurHash3 库与 Spark Hash 函数不匹配
- sql - 使用 WHERE 条件显示 2 个列出/GROUP BY 值的总和
- powershell - PowerShell - 如果 X 列中的值存在,则将值从源 CSV 返回到 CSV
- permissions - 为 inno setup 创建一个新用户组