AWS IOT-凭据的范围应能纠正服务 [英] AWS IOT - Credential should be scoped to correct service
问题描述
我正在尝试访问简单的AWS IOT REST服务,但目前还无法成功进行.这是我所做的.
I am trying to access a simple AWS IOT REST service but I have not been able to do so successfully yet. Here is what I did.
- 我在自己的AWS上创建了一个IAM用户,并下载了访问密钥和秘密密钥
- 使用该用户登录到AWS IOT,并创建一个东西"
- 从事物的属性中,我找到了阴影的REST URL
- 在Postman中使用了新的"aws签名"功能,并为其提供了访问密钥,秘密密钥,区域(us-east-1)和服务名称(iot)
-
试图获取"端点,这就是我得到的-
- I created an iam user in my aws and downloaded the access key and secret key
- Logged into AWS IOT with that user and created a "thing"
- From the thing's property I found the REST URL for the shadow
- Used Postman with the new "aws signature" feature and provided it with the access key, secret key, region (us-east-1) and service name (iot)
Tried to "GET" the endpoint and this is what I got -
{
"message": "Credential should be scoped to correct service. ",
"traceId": "be056198-d202-455f-ab85-805defd1260d"
}
{
"message": "Credential should be scoped to correct service. ",
"traceId": "be056198-d202-455f-ab85-805defd1260d"
}
我认为邮递员出了点问题,所以我尝试使用aws-sdk-sample示例来连接S3,并将其更改为连接到IOT URL. 这是我的程序片段(Java)
I thought there is something wrong with postman so I tried using aws-sdk-sample example of connecting to S3 and changed it to connect to the IOT URL. Here is my program snippet (Java)
String awsAccessKey = "fasfasfasdfsdafs";
String awsSecretKey = "asdfasdfasfasdfasdfasdf/asdfsdafsd/fsdafasdf";
URL endpointUrl = null;
String regionName = "us-east-1";
try {
endpointUrl = new URL("https://dasfsdfasdf.iot.us-east-1.amazonaws.com/things/SOMETHING/shadow");
}catch (Exception e){
e.printStackTrace();
}
Map<String, String> headers = new HashMap<String, String>();
headers.put("x-amz-content-sha256", AWSSignerBase.EMPTY_BODY_SHA256);
AWSSignerForAuthorizationHeader signer = new AWSSignerForAuthorizationHeader(
endpointUrl, "GET", "iot", regionName);
String authorization = signer.computeSignature(headers,
null, // no query parameters
AWSSignerBase.EMPTY_BODY_SHA256,
awsAccessKey,
awsSecretKey);
// place the computed signature into a formatted 'Authorization' header
// and call S3
headers.put("Authorization", authorization);
String response = HttpUtils.invokeHttpRequest(endpointUrl, "GET", headers, null);
System.out.println("--------- Response content ---------");
System.out.println(response);
System.out.println("------------------------------------");
这给了我同样的错误-
--------- Request headers ---------
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Authorization: AWS4-HMAC-SHA256 Credential=fasfasfasdfsdafs/20160212/us-east-1/iot/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=3b2194051a8dde8fe617219c78c2a79b77ec92338028e9e917a74e8307f4e914
x-amz-date: 20160212T182525Z
Host: dasfsdfasdf.iot.us-east-1.amazonaws.com
--------- Response content ---------
{"message":"Credential should be scoped to correct service. ","traceId":"cd3e0d96-82fa-4da5-a4e1-b736af6c5e34"}
------------------------------------
有人可以告诉我我做错了吗? AWS文档没有太多关于此错误的信息.请帮助
Can someone tell me what I am doing wrong please? AWS documentation does not have much information on this error. Please help
推荐答案
如果iot
示例:
Sign your request with iotdata
instead if iot
example:
AWSSignerForAuthorizationHeader signer = new AWSSignerForAuthorizationHeader(
endpointUrl, "GET", "iotdata", regionName);
这篇关于AWS IOT-凭据的范围应能纠正服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!