sormy / aws-curl Goto Github PK

with aws-curl apparently I need to add --service exectute-api, but it still fails...
Ran these back to back...

Success:
$ awscurl --region us-east-1 --location --request POST --header 'host: ao9ypslxuh.execute-api.us-east-1.amazonaws.com' --header 'Content-Type: application/json' --header 'Accept: /' --header 'Accept-Encoding: gzip, deflate, br' --header 'Connection: keep-alive' --data '{
"cluster_name": "dev3-compute-dev-us-east-1",
"ingress_weight": "255",
"k8s_name": "dev3-100-fltsuite-svc-data-fltsuite-svc-data",
"k8s_namespace": "dev3-fltsuite-svc-data"
}' "https://vpce-0e417798a7d74506c-brkzcqhg.execute-api.us-east-1.vpce.amazonaws.com/dev-sre/sre/ops/eks/modify-ingress-dns-weight"
Ingress dns record weight updated successfully

$ aws-curl --service execute-api --region us-east-1 --location --request POST --header 'host: ao9ypslxuh.execute-api.us-east-1.amazonaws.com' --header 'Content-Type: application/json' --header 'Accept: /' --header 'Accept-Encoding: gzip, deflate, br' --header 'Connection: keep-alive' --data '{
"cluster_name": "dev3-compute-dev-us-east-1",
"ingress_weight": "255",
"k8s_name": "dev3-100-fltsuite-svc-data-fltsuite-svc-data",
"k8s_namespace": "dev3-fltsuite-svc-data"
}' "https://vpce-0e417798a7d74506c-brkzcqhg.execute-api.us-east-1.vpce.amazonaws.com/dev-sre/sre/ops/eks/modify-ingress-dns-weight"
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method....

The Canonical String for this request should have been
'POST
/dev-sre/sre/ops/eks/modify-ingress-dns-weight

accept:/
accept-encoding:gzip, deflate, br
connection:
content-type:application/json
host:ao9ypslxuh.execute-api.us-east-1.amazonaws.com
x-amz-date:20211027T205534Z
x-amz-security-token:FwoGZXIvYXdzEA4aDOy<deleted==

accept;accept-encoding;connection;content-type;host;x-amz-date;x-amz-security-token
bf175ed8be53b4bdb6c593db867e5a99295e495cbbedc340d0e0828b7df40e32'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20211027T205534Z
20211027/us-east-1/execute-api/aws4_request
04bec624523a442fe9eb358d3b6bfb562a55cad968c23788bf1ce4970c8a706f'

Then removing all the optional headers made no diff.

aws-curl --service execute-api --region us-east-1 --request POST --header 'host: ao9ypslxuh.execute-api.us-east-1.amazonaws.com' --header 'Content-Type: application/json' --data '{
"cluster_name": "dev3-compute-dev-us-east-1",
"ingress_weight": "255",
"k8s_name": "dev3-100-fltsuite-svc-data-fltsuite-svc-data",
"k8s_namespace": "dev3-fltsuite-svc-data"
}' "https://vpce-0e417798a7d74506c-brkzcqhg.execute-api.us-east-1.vpce.amazonaws.com/dev-sre/sre/ops/eks/modify-ingress-dns-weight"
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method.

Still fails after brew install coreutils.

/usr/local/bin/aws-curl: line 43: gsed: command not found

To give a concrete example, OpenWrt is normally distributed with BusyBox sed, not GNU sed. Because of this the otherwise perfect script fails due to the lack of GNU extensions. For instance "\L" and "\E" are not supported:

I understand that this is a problem limited to a few niche situations, so please close the issue directly if the implementation is too laborious.

Thanks @sormy

In AWS Lambda am exploring the possibility of executing cURL commands within Lambda functions. Could you please provide guidance on best practices, limitations, and any necessary configurations for achieving this?

Thank you for your assistance.