问题
I have created sample GET and POST APIs on Amazon API Gateway following their official documentation. I have generated JS SDK for these APIs, which I am using to call these APIs from a client-side JS file hosted on S3. This works flawlessly without any 'Authorization Type'.
Now, when I set 'Authorization Type' for GET method as 'IAM', I am required to pass IAM credentials in order for it to work. In spite of passing my AWS account's root credentials, I am getting this in the response headers:
x-amzn-ErrorType:InvalidSignatureException:http://internal.amazon.com/coral/com.amazon.coral.service/
And finally it returns a 403 error code.
My question is: Has anyone successfully attempted to use generated javascript SDK from Amazon API Gateway with IAM authentication? Can you point where I might be going wrong?
Thanks.
回答1:
I was able to resolve this with the help of few folks on AWS Forum. It appears that the API Gateway GET method expects an empty body. By default, if you are following the README sample that comes with generated JS SDK, passing 'undefined' or just '{}' inside the body to GET causes a non-matching payload and this results in an incorrect signature being calculated.
As of now, I just made a small tweak in the /lib/apiGatewayCore/sigV4Client.js by hardcoding the body = ''.
This should be a temporary workout as this may affect your other API Gateway methods that require a filled 'body'. In my case, I only had GET methods.
来源:https://stackoverflow.com/questions/31664874/amazon-api-gateway-iam-authenticated-example-with-generated-js-sdk