with aws-curl apparently I need to add --service exectute-api, but it still fails...
Ran these back to back...
Success:
$ awscurl --region us-east-1 --location --request POST --header 'host: ao9ypslxuh.execute-api.us-east-1.amazonaws.com' --header 'Content-Type: application/json' --header 'Accept: /' --header 'Accept-Encoding: gzip, deflate, br' --header 'Connection: keep-alive' --data '{
"cluster_name": "dev3-compute-dev-us-east-1",
"ingress_weight": "255",
"k8s_name": "dev3-100-fltsuite-svc-data-fltsuite-svc-data",
"k8s_namespace": "dev3-fltsuite-svc-data"
}' "https://vpce-0e417798a7d74506c-brkzcqhg.execute-api.us-east-1.vpce.amazonaws.com/dev-sre/sre/ops/eks/modify-ingress-dns-weight"
Ingress dns record weight updated successfully
$ aws-curl --service execute-api --region us-east-1 --location --request POST --header 'host: ao9ypslxuh.execute-api.us-east-1.amazonaws.com' --header 'Content-Type: application/json' --header 'Accept: /' --header 'Accept-Encoding: gzip, deflate, br' --header 'Connection: keep-alive' --data '{
"cluster_name": "dev3-compute-dev-us-east-1",
"ingress_weight": "255",
"k8s_name": "dev3-100-fltsuite-svc-data-fltsuite-svc-data",
"k8s_namespace": "dev3-fltsuite-svc-data"
}' "https://vpce-0e417798a7d74506c-brkzcqhg.execute-api.us-east-1.vpce.amazonaws.com/dev-sre/sre/ops/eks/modify-ingress-dns-weight"
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method....
The Canonical String for this request should have been
'POST
/dev-sre/sre/ops/eks/modify-ingress-dns-weight
accept:/
accept-encoding:gzip, deflate, br
connection:
content-type:application/json
host:ao9ypslxuh.execute-api.us-east-1.amazonaws.com
x-amz-date:20211027T205534Z
x-amz-security-token:FwoGZXIvYXdzEA4aDOy<deleted==
accept;accept-encoding;connection;content-type;host;x-amz-date;x-amz-security-token
bf175ed8be53b4bdb6c593db867e5a99295e495cbbedc340d0e0828b7df40e32'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20211027T205534Z
20211027/us-east-1/execute-api/aws4_request
04bec624523a442fe9eb358d3b6bfb562a55cad968c23788bf1ce4970c8a706f'
Then removing all the optional headers made no diff.
aws-curl --service execute-api --region us-east-1 --request POST --header 'host: ao9ypslxuh.execute-api.us-east-1.amazonaws.com' --header 'Content-Type: application/json' --data '{
"cluster_name": "dev3-compute-dev-us-east-1",
"ingress_weight": "255",
"k8s_name": "dev3-100-fltsuite-svc-data-fltsuite-svc-data",
"k8s_namespace": "dev3-fltsuite-svc-data"
}' "https://vpce-0e417798a7d74506c-brkzcqhg.execute-api.us-east-1.vpce.amazonaws.com/dev-sre/sre/ops/eks/modify-ingress-dns-weight"
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method.