我试图从EC2获取实例列表。如果我应用过滤器来仅获取正在运行的实例,即请求是:
POST https://ec2.us-west-2.amazonaws.com/ec2?Action=DescribeInstances&Filter.1.Name=instance-state-name&Filter.1.Value.1=running&Version=2015-10-01
然后我按预期得到答复:
Received response: 200 - OK, Latency: 235441, Server: AmazonEC2, Date: Thu, 14 Jan 2016 13:08:45 GMT, Vary: Accept-Encoding, Transfer-Encoding: chunked, Content-Type: text/xml;charset=UTF-8, <?xml version="1.0" encoding="UTF-8"?>
<DescribeInstancesResponse xmlns="http://ec2.amazonaws.com/doc/2015-10-01/">...
但是,如果我应用过滤器来仅获取标记为MY_frontend的实例,即请求为:
POST https://ec2.us-west-2.amazonaws.com/ec2?Action=DescribeInstances&Filter.1.Name=tag:Name&Filter.1.Value.1=MY_frontend&Version=2015-10-01
然后我收到错误回复:
Received response: 401 - Unauthorized, Latency: 127257, Server: AmazonEC2, Date: Thu, 14 Jan 2016 13:09:32 GMT, Transfer-Encoding: chunked, <?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>e61a2f44-0397-40ea-8832-45879d36dacd</RequestID></Response>
令人困惑的是,使用AWS CLI工具的(显然)相同的请求成功:
aws ec2 describe-instances --filter Name=instance-state-name,Values=running Name=tag:Name,Values=MY_frontend
我的工具和AWS CLI都使用相同的基于角色的凭据。
是什么导致这种情况?
答案 0 :(得分:1)
答案是......
':'是保留字符,需要进行url转义。这是AWS CLI发送的内容(在POST的主体而不是URL中)
Filter.1.Name=instance-state-name&Filter.2.Value.1=MY_frontend&Filter.2.Name=tag%3AName&Version=2015-04-15&Action=DescribeInstances&Filter.1.Value.1=running
我希望错误更有启发性,而不是“未经授权”。