Stack Overflow Asked by Xliff on January 2, 2021
I am currently writing an interface layer to the AWS EC2 Query API, and I was having a relative degree of success until I started digging deeper into its features.
I can run the following query request with no problems:
?Action=DescribeInstances&DryRun=False&MaxResults=1000&Version=2016-11-15
However, when I start using Filters on the DescribeInstances action, I run into unexplanable errors.
Howver this query, which uses the ip-address filter describe here:
?Action=DescribeInstances&DryRun=False&Filter.1.Name=ip%2Daddress&Filter.1.Value=52%2E204%2E71%2E190&MaxResults=1000& Version=2016-11-15
Thanks in advance!
…will result in the following error:
AWS was not able to validate the provided access credentials (AuthFailure)
Can someone give me pointers on where I am going wrong?
UPDATE: To reiterate, I suspect that this error message is a red herring. I have tried both of the above queries on an EC2 Image with the Administrator IAM role attached, and I still get the same behavior. So unless there is a good reason to suspect a traditional AuthFailure, ask yourselves why an Adminisrator can access the DescribeImages action without issue, but causes an AuthFailure when a Filter is added. I hope this is due to my use of said Filters and that its my implementation that is at issue. Thanks.
UPDATE2: While a few responses have been helpful, this question still has not yet been answered to my satisfaction.
UPDATE3: It looks like Amazon has fixed this issue on its own.
In your URL-encoded request, there seems to be a space in '& Version...'.
Back to the larger picture, perhaps you should consider running awscli from your code (in a subprocess), rather than trying to make your own requests and sign them yourself?
Also, awscli itself is really quite handy (and complete). For starters, it helps formulate the request and quickly see what gets returned.
Also, you can use it with --debug to observe (among other things) the request and the response sent over the wire.
Example:
aws ec2 describe-instances --region us-east-1
--filters "Name=ip-address,Values=${IP}"
"Name=instance-state-name,Values=running"
--max-items 10
--query 'Reservations[*].Instances[*].PrivateIpAddress'
--output json
--debug
Output:
2020-12-27 xx:xx:xx,xxx - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=DescribeInstances) with params:
{'body': {u'Filter.1.Name': u'ip-address', u'Filter.2.Value.1': u'running',
u'Filter.2.Name': u'instance-state-name', 'Version': u'2016-11-15',
'Action': u'DescribeInstances', u'Filter.1.Value.1': u'xx.xxx.xxx.xxx'},
'url': u'https://ec2.us-east-1.amazonaws.com/', 'headers': {'Content-Type':
'application/x-www-form-urlencoded; charset=utf-8',
(...), 'method': u'POST'}
Answered by Pierre D on January 2, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP