我遵循here中的步骤生成了规范的字符串和用于签名AWS4 SDK的字符串。我得到403。这就是我打印response.text时得到的:
{\"message\":\"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
\\'PUT
/dev/trial
content-type:application/x-www-form-urlencoded
host:myendpoint.execute-api.us-west-2.amazonaws.com
x-amz-date:20190918T002703Z
content-type;host;x-amz-date
402d04afaaf71664b4820123456789bda0df4601423fe13cc851b475798016b5\\'
The String-to-Sign should have been
\\'AWS4-HMAC-SHA256
20190918T002703Z
20190918/us-west-2/execute-api/aws4_request
55f919eb5d745c06760eea01da0123456789b3b1ac1cf2bf0627701d06db0780\\'
\"}
我还尝试打印我计算出的规范字符串和字符串签名,如下所示:
实际规范要求:
PUT
/dev/trial
content-type:application/x-www-form-urlencoded
host:myendpoint.execute-api.us-west-2.amazonaws.com
x-amz-date:20190918T002703Z
content-type;host;x-amz-date
402d04afaaf71664b4820123456789bda0df4601423fe13cc851b475798016b5
要签名的实际字符串:
AWS4-HMAC-SHA256
20190918T002703Z
20190918/us-west-2/execute-api/aws4_request
55f919eb5d745c06760eea01da0123456789b3b1ac1cf2bf0627701d06db0780
至少对我而言,AWS计算出的值与我计算出的值完全相同。然后我仍然收到“签名不匹配”错误?
我确实看过类似的SO问题。他们所有人的请求都有问题,例如缺少\n或其他日期格式。我不相信我有那些问题。
如果有帮助,这是我创建签名的某些组件的方法:
canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' + hashlib.sha256(
canonical_request.encode('utf-8')).hexdigest()
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
headers = {'x-amz-date': amzdate, 'Authorization': authorization_header, 'host': host,
'content-type': content_type, 'x-api-key': api_key}
很乐意提供更多详细信息,如果这有助于解决此问题。