carsales / aws-request-signer Goto Github PK
View Code? Open in Web Editor NEWA chrome extension that signs requests to AWS endpoints (using Signature Version 4 signing process)
License: Apache License 2.0
aws-request-signer's People
Contributors
Stargazers
Watchers
Forkers
migtor gregfahy lanxx019 liath xogroup bjfletcher forestjohnsonpeoplenet giphyvera bengelsdorff easen arichen jonathanhle oreoluwa wrc4 acgfbr houeyaws-request-signer's Issues
Quicken the configuration process
As fast as I know, the way to configure this is to click on the dialog, and hit 'save' at every change that needs to be persisted, as even switching from the browser to another window (e.g. to copy a credential) will hide the dialog. That was a tad frustrating, it'd be nice to have a non-temporary dialog.
Allow adding localhost
I don't believe we support to sign requests sent via a proxy setup on localhost. That would be great to have for development.
User-defined service & URL
Can you allow users to define our own services and matching URLs?
Document the instance profile credentials service
I don't understand what it's for, and the source code refers to a mysterious URL (http://169.254.169.254) which is a tad scary in a credentials-using addon context.
Secondary Kibana request is failing
I can tell the extension is working to a certain extent (and that my credentials are correct), because the initial request for /_plugin/kibana/app/kibana succeeds with the extension enabled and fails with a 403 when it is disabled, when all IP-based access is turned off. However, a follow-up XHR still fails. It fails whether or not IP-based access is turned on just for /_plugin/kibana* as the AWS documentation suggests. The end result is that the Kibana UI is mostly blank and therefore unusable.
Here is the request, according to Chrome Dev Tools.
Headers:
POST /_plugin/kibana/elasticsearch/.kibana/index-pattern/_search?stored_fields= HTTP/1.1
Host: search-xo-local-marketplace-qa-vcijihl6ltipgo7qheen7wpnoa.us-east-1.es.amazonaws.com
Connection: keep-alive
Content-Length: 39
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, */*
Origin: https://search-xo-local-marketplace-qa-vcijihl6ltipgo7qheen7wpnoa.us-east-1.es.amazonaws.com
kbn-version: 5.1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
content-type: application/json
Referer: https://search-xo-local-marketplace-qa-vcijihl6ltipgo7qheen7wpnoa.us-east-1.es.amazonaws.com/_plugin/kibana/app/kibana
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
X-Amz-Algorithm: AWS4-HMAC-SHA256
X-Amz-Date: 20170313T175125Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIO2Y6A2LAY7DZAGA/20170313/us-east-1/es/aws4_request, SignedHeaders=accept;accept-encoding;accept-language;content-type;host;kbn-version;origin;referer;user-agent;x-amz-algorithm;x-amz-date, Signature=cfd5a35dae359d724af81c33d72636df727c3ee3def9dbfaafa2aac6ffb1ef06
Body:
{"query":{"match_all":{}},"size":10000}
And the response:
Headers:
HTTP/1.1 403 Forbidden
Content-Type: application/json
x-amzn-RequestId: ad64f745-0815-11e7-a99c-3f630c879fe1
Content-Length: 1382
Connection: keep-alive
Body:
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/_plugin/kibana/elasticsearch/.kibana/index-pattern/_search\nstored_fields=\naccept:application/json, text/plain, */*\naccept-encoding:gzip, deflate, br\naccept-language:en-US,en;q=0.8\ncontent-type:application/json\nhost:search-xo-local-marketplace-qa-vcijihl6ltipgo7qheen7wpnoa.us-east-1.es.amazonaws.com\nkbn-version:5.1.1\norigin:https://search-xo-local-marketplace-qa-vcijihl6ltipgo7qheen7wpnoa.us-east-1.es.amazonaws.com\nreferer:https://search-xo-local-marketplace-qa-vcijihl6ltipgo7qheen7wpnoa.us-east-1.es.amazonaws.com/_plugin/kibana/app/kibana\nuser-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36\nx-amz-algorithm:AWS4-HMAC-SHA256\nx-amz-date:20170313T175125Z\n\naccept;accept-encoding;accept-language;content-type;host;kbn-version;origin;referer;user-agent;x-amz-algorithm;x-amz-date\n85c570db5c8f74e47e46b3c7fdb5c813672b1cf356125e518010a504ab2d8dc8'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20170313T175125Z\n20170313/us-east-1/es/aws4_request\n5803962055042f933641c400ba70ca21771c742bb6153d2860eb86ad213b3801'\n"}
Any assistance you could give would be greatly appreciated. I would love to have my devs use this extension rather than me having to turn on IP-based access for ES. Thank you.
Error while trying to access AWS managed Kibana instance
Not sure what caused the error, I was able to use the plugin to access the endpoint until yesterday, now I am getting this error:
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'POST
/_plugin/kibana/elasticsearch/.kibana/index-pattern/%2A
accept:application/json, text/plain, */*
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8
content-type:application/json
host:search-logs-xxx.us-east-1.es.amazonaws.com
kbn-version:5.1.1
origin:https://search-logs-xxx.us-east-1.es.amazonaws.com
referer:https://search-logs-xxx.us-east-1.es.amazonaws.com/_plugin/kibana/app/kibana
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
x-amz-algorithm:AWS4-HMAC-SHA256
x-amz-date:20170406T154620Z
accept;accept-encoding;accept-language;content-type;host;kbn-version;origin;referer;user-agent;x-amz-algorithm;x-amz-date
24ac1a370c64425df01b72216658d45ce970f8607c5947be39ec3893574a27f2'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20170406T154620Z
20170406/us-east-1/es/aws4_request
35fe4abf9ff06a5f2e5f0d561278f8eccadabc94467790235da765a3082afa3b'
The only thing I did was adding a new Kibana instance and access that instance as well.
Request to Elasticsearch failed: "Authorization Exception"
We're using the plugin to access Kibana on our managed Elasticsearch instance. The console in the Dev Tools tab is working as expected, but with Kibana in general we get the following error message.
Error: Request to Elasticsearch failed: "Authorization Exception"
at https://elasticsearch_url/_plugin/kibana/bundles/kibana.bundle.js?v=15443:27:23337
at processQueue (https://elasticsearch_url/_plugin/kibana/bundles/commons.bundle.js?v=15443:38:23621)
at https://elasticsearch_url/_plugin/kibana/bundles/commons.bundle.js?v=15443:38:23888
at Scope.$eval (https://elasticsearch_url/_plugin/kibana/bundles/commons.bundle.js?v=15443:39:4619)
at Scope.$digest (https://elasticsearch_url/_plugin/kibana/bundles/commons.bundle.js?v=15443:39:2359)
at Scope.$apply (https://elasticsearch_url/_plugin/kibana/bundles/commons.bundle.js?v=15443:39:5037)
at done (https://elasticsearch_url/_plugin/kibana/bundles/commons.bundle.js?v=15443:37:25027)
at completeRequest (https://elasticsearch_url/_plugin/kibana/bundles/commons.bundle.js?v=15443:37:28702)
at XMLHttpRequest.xhr.onload (https://elasticsearch_url/_plugin/kibana/bundles/commons.bundle.js?v=15443:37:29634)
Does anyone have experienced the same issue? Elasticsearch is on version 5.5. Kibana is 5.5.2.
aws elasticsearch kibana issue
I'm using the aws request singer to access the aws elasticsearch kibana sashboard and it works almost fine.
The only resources that are not signed are fonts:
Request URL:https://search-xxx-pre-xxx.eu-west-1.es.amazonaws.com/_plugin/kibana/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0
Request Method:GET
Status Code:403 Forbidden
Remote Address:xx.xx.xx.xx
### GET /_plugin/kibana/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1
Host: search-xxx-pre-xxx.eu-west-1.es.amazonaws.com/_plugin/kibana/styles/main.css
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Origin: https://search-xxx-pre-xxx.eu-west-1.es.amazonaws.com/_plugin/kibana/styles/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36
Accept: */*
Referer: https://search-xxx-pre-xxx.eu-west-1.es.amazonaws.com/_plugin/kibana/styles/main.css?_b=7562
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
but if i call the the direct link it sign the request and download the file.
Request URL:https://search-xxx-pre-xxx.eu-west-1.es.amazonaws.com/_plugin/kibana/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0
Request Method:GET
Status Code:200 OK
Remote Address:xx.xx.xx.xx
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Authorization:AWS4-HMAC-SHA256 Credential=AKIAJHUBJSCJ2S267XEQ/20161021/eu-west-1/es/aws4_request, SignedHeaders=accept;accept-encoding;accept-language;host;upgrade-insecure-requests;user-agent;x-amz-algorithm;x-amz-date, Signature=2cc4e3edb1fee8e3a1f6f8e4ed1623eda6731df41418c56dd58715274c34da88
Cache-Control:no-cache
Connection:keep-alive
Host:search-xxx-pre-xxx.eu-west-1.es.amazonaws.com
Pragma:no-cache
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36
X-Amz-Algorithm:AWS4-HMAC-SHA256
X-Amz-Date:20161021T073411Z
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.