2

我创建了一个步进函数,并尝试使用 HTTP 请求调用它。我正在使用 Postman 生成授权签名,但收到 403:forbidden 响应。

<InvalidSignatureException>
  <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

I am invoking https://states.ap-northeast-1.amazonaws.com and getting back the reponse

The Canonical String for this request should have been
'POST
/

content-length:116
content-type:application/x-www-form-urlencoded
host:states.ap-northeast-1.amazonaws.com
x-amz-date:20170125T183745Z

content-length;content-type;host;x-amz-date
488183a388ce9b63833585129e71399296c8aa0ce4108b8f90d9616c43969a97'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20170125T183745Z
20170125/ap-northeast-1/states/aws4_request
fb2e325f309bf455dddbc0cd389523a9aa2410523393c9dc3890dac6e93e923c'
</Message>
</InvalidSignatureException>

看来我无权调用 step 函数。但是在策略文件中,我已授予给定角色的用户访问权限:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::7640*******:user/*****",
        "Service": "states.ap-northeast-1.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

请帮我设置一下?

4

2 回答 2

0

似乎 aws 身份验证在邮递员中不起作用: https ://github.com/postmanlabs/postman-app-support/issues/3232

于 2017-11-03T10:57:19.267 回答
0

sts:AssumeRole在政策中有声明,但您没有调用stsAPI,是吗?您调用statesAPI 但在策略中没有相应的语句。

删除sts:AssumeRole声明。添加以下语句。

Effect: Allow
Action: states:StartExecution
Resource: ARN of your state machine
于 2017-03-06T08:19:34.233 回答