通过设置 API 网关为 Amazon Kinesis 调用 REST API [英] Call REST API for Amazon Kinesis with Setting up API Gateway

问题描述

我正在尝试发送 HTTP Post 请求以将记录放入 Amazon Kinesis Stream.有多种方式(Kinesis 客户端、KPL、将 AWS 网关设置为 Kinesis 代理).

I am trying to send a HTTP Post Request to put a record into Amazon Kinesis Stream. There are several ways (Kinesis Client, KPL, setting up AWS Gateway as Kinesis Proxy).

我看到了这个关于 Kinesis PutRecord API 的文档http://docs.aws.amazon.com/kinesis/latest/APIReference/API_PutRecord.html

I saw this document about Kinesis PutRecord API http://docs.aws.amazon.com/kinesis/latest/APIReference/API_PutRecord.html

POST / HTTP/1.1
Host: kinesis.<region>.<domain>
Content-Length: <PayloadSizeBytes>
User-Agent: <UserAgentString>
Content-Type: application/x-amz-json-1.1
Authorization: <AuthParams>
Connection: Keep-Alive 
X-Amz-Date: <Date>
X-Amz-Target: Kinesis_20131202.PutRecord
{
  "StreamName": "exampleStreamName",
  "Data": "XzxkYXRhPl8x",
  "PartitionKey": "partitionKey"
}

是否可以将上述 HTTP POST 请求发送到 PutRecord，而无需按照此链接中的说明设置 Amazon API Gateway:http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html#call-api-with-api-gateway-custom-authorization

Is it possible to send the above HTTP POST Request to PutRecord without having to set up Amazon API Gateway as explained in this link: http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html#call-api-with-api-gateway-custom-authorization

KPL 和 Kinesis Client 必须以某种方式在内部使用 HTTP POST 到 PutRecord，因此必须有一种方法可以这样做.很遗憾，我在网上找不到任何资源.

KPL and Kinesis Client must somehow internally use HTTP POST to PutRecord, so there must be a way to do so. Unfortunately, I could not find any resources online.

推荐答案

import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests
# ************* REQUEST VALUES *************
method = 'POST'
service = 'kinesis'
host = 'kinesis.us-east-1.amazonaws.com'
region = 'us-east-1'
endpoint = 'https://kinesis.us-east-1.amazonaws.com'
content_type = 'application/x-amz-json-1.1'

amz_target = 'Kinesis_20131202.PutRecord'
request_parameters = '{'
request_parameters += '"StreamName": "<StreamName>",'
request_parameters += '"Data": "' + base64.b64encode(<DATA>) + '",'
request_parameters += '"PartitionKey": "<PartitionKey>"'
request_parameters += '}'

# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, date_stamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning

access_key = '<ACCESS KEY>'
secret_key = '<SECRET KEY>'
if access_key is None or secret_key is None:
    print 'No access key is available.'
    sys.exit()
# Create a date for headers and the credential string
t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ')
date_stamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope


canonical_uri = '/'

canonical_querystring = ''

canonical_headers = 'content-type:' + content_type + '
' + 'host:' + host + '
' + 'x-amz-date:' + amz_date + '
' + 'x-amz-target:' + amz_target + '
'

signed_headers = 'content-type;host;x-amz-date;x-amz-target'

payload_hash = hashlib.sha256(request_parameters).hexdigest()

canonical_request = method + '
' + canonical_uri + '
' + canonical_querystring + '
' + canonical_headers + '
' + signed_headers + '
' + payload_hash

algorithm = 'AWS4-HMAC-SHA256'
credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '
' +  amz_date + '
' +  credential_scope + '
' +  hashlib.sha256(canonical_request).hexdigest()

signing_key = getSignatureKey(secret_key, date_stamp, region, service)

signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()

authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' +  'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
print authorization_header;


headers = {'Content-Type':content_type,
           'X-Amz-Date':amz_date,
           'X-Amz-Target':amz_target,
           'Authorization':authorization_header}
# ************* SEND THE REQUEST *************
print '
BEGIN REQUEST++++++++++++++++++++++++++++++++++++'
print 'Request URL = ' + endpoint
r = requests.post(endpoint, data=request_parameters, headers=headers)
print '
RESPONSE++++++++++++++++++++++++++++++++++++'
print 'Response code: %d
' % r.status_code
print r.text

只需更改代码中标有 <> 的必需参数，您就可以通过 HTTP 访问端点.这仅适用于由于某种原因无法使用 aws-sdk 或 aws-cli 的情况.

Just change the required parameters in the code that are marked with <> and you ll be able to hit the endpoint via HTTP. This is only applicable if you cant use aws-sdk or aws-cli for some reason.

以上代码是python.

The above code is in python.

要进行转换，请查看以下链接.https://github.com/danharper/hmac-examples

for transformation, check the following link. https://github.com/danharper/hmac-examples

这篇关于通过设置 API 网关为 Amazon Kinesis 调用 REST API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！