使用设置API网关为Amazon Kinesis调用REST API

时间:2016-10-09 02:01:54

标签: amazon-kinesis amazon-kinesis-kpl

我正在尝试发送HTTP Post Request以将记录放入Amazon Kinesis Stream。有几种方法(Kinesis Client,KPL,将AWS Gateway设置为Kinesis Proxy)。

我看到了有关Kinesis PutRecord API的文档 http://docs.aws.amazon.com/kinesis/latest/APIReference/API_PutRecord.html 

POST / HTTP/1.1
Host: kinesis.<region>.<domain>
Content-Length: <PayloadSizeBytes>
User-Agent: <UserAgentString>
Content-Type: application/x-amz-json-1.1
Authorization: <AuthParams>
Connection: Keep-Alive 
X-Amz-Date: <Date>
X-Amz-Target: Kinesis_20131202.PutRecord
{
  "StreamName": "exampleStreamName",
  "Data": "XzxkYXRhPl8x",
  "PartitionKey": "partitionKey"
}

是否可以将上述HTTP POST请求发送到PutRecord,而无需按照此链接中的说明设置Amazon API Gateway: http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html#call-api-with-api-gateway-custom-authorization

KPL和Kinesis客户端必须以某种方式在内部使用HTTP POST到PutRecord,因此必须有办法这样做。不幸的是,我在网上找不到任何资源。

3 个答案:

答案 0 :(得分:2)

import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests
# ************* REQUEST VALUES *************
method = 'POST'
service = 'kinesis'
host = 'kinesis.us-east-1.amazonaws.com'
region = 'us-east-1'
endpoint = 'https://kinesis.us-east-1.amazonaws.com'
content_type = 'application/x-amz-json-1.1'

amz_target = 'Kinesis_20131202.PutRecord'
request_parameters = '{'
request_parameters += '"StreamName": "<StreamName>",'
request_parameters += '"Data": "' + base64.b64encode(<DATA>) + '",'
request_parameters += '"PartitionKey": "<PartitionKey>"'
request_parameters += '}'

# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, date_stamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning

access_key = '<ACCESS KEY>'
secret_key = '<SECRET KEY>'
if access_key is None or secret_key is None:
    print 'No access key is available.'
    sys.exit()
# Create a date for headers and the credential string
t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ')
date_stamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope


canonical_uri = '/'

canonical_querystring = ''

canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-amz-date:' + amz_date + '\n' + 'x-amz-target:' + amz_target + '\n'

signed_headers = 'content-type;host;x-amz-date;x-amz-target'

payload_hash = hashlib.sha256(request_parameters).hexdigest()

canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash

algorithm = 'AWS4-HMAC-SHA256'
credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' +  amz_date + '\n' +  credential_scope + '\n' +  hashlib.sha256(canonical_request).hexdigest()

signing_key = getSignatureKey(secret_key, date_stamp, region, service)

signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()

authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' +  'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
print authorization_header;


headers = {'Content-Type':content_type,
           'X-Amz-Date':amz_date,
           'X-Amz-Target':amz_target,
           'Authorization':authorization_header}
# ************* SEND THE REQUEST *************
print '\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++'
print 'Request URL = ' + endpoint
r = requests.post(endpoint, data=request_parameters, headers=headers)
print '\nRESPONSE++++++++++++++++++++++++++++++++++++'
print 'Response code: %d\n' % r.status_code
print r.text

只需在代码中更改标有&lt;&gt;的所需参数即可你将能够通过HTTP命中端点。这仅适用于因某些原因无法使用aws-sdk或aws-cli的情况。

上面的代码是在python中。

进行转换,请检查以下链接。 https://github.com/danharper/hmac-examples

答案 1 :(得分:-1)

您必须setup API Gateway将RESTful API调用连接到Kinesis。因为您需要为Kinesis API设置IAM角色和策略,并将其与Kinesis的AWS服务代理关联。

您发布的链接是如何自定义授权者,API网关仍在运行的背后。

设置API网关后,您可以参考https://docs.aws.amazon.com/kinesis/latest/APIReference/API_CreateStream.html来管理您的kinesis流/记录。

答案 2 :(得分:-2)

import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests
# ************* REQUEST VALUES *************
method = 'POST'
service = 'kinesis'
host = 'kinesis.cn-north-1.amazonaws.com.cn'
region = 'cn-north-1'
endpoint = 'https://kinesis.cn-north-1.amazonaws.com.cn'
content_type = 'application/x-amz-json-1.1'

amz_target = 'Kinesis_20131202.PutRecord'
request_parameters = '{'
request_parameters += '"StreamName": "cummins_kinesis_test",'
request_parameters += '"Data": "euoioeuiuoeieoieio",'
request_parameters += '"PartitionKey": "test"'
request_parameters += '}'

# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, date_stamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning

access_key = 'xxxxxxxxxxxxxxxxxxx'
secret_key = 'xxxxxxxxxxxxxxxxxxx'
if access_key is None or secret_key is None:
    print( 'No access key is available.')
    sys.exit()
# Create a date for headers and the credential string
t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ')
date_stamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope


canonical_uri = '/'

canonical_querystring = ''

canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-amz-date:' + amz_date + '\n' + 'x-amz-target:' + amz_target + '\n'

signed_headers = 'content-type;host;x-amz-date;x-amz-target'

payload_hash = hashlib.sha256(request_parameters.encode('utf-8')).hexdigest()

canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash

algorithm = 'AWS4-HMAC-SHA256'
credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' +  amz_date + '\n' +  credential_scope + '\n' +  hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

signing_key = getSignatureKey(secret_key, date_stamp, region, service)

signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()

authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' +  'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
print(authorization_header);


headers = {'Content-Type':content_type,
           'X-Amz-Date':amz_date,
           'X-Amz-Target':amz_target,
           'Authorization':authorization_header}
# ************* SEND THE REQUEST *************
print( '\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + endpoint)
r = requests.post(endpoint, data=request_parameters, headers=headers)
print( '\nRESPONSE++++++++++++++++++++++++++++++++++++')
print( 'Response code: %d\n' % r.status_code)
print( r.text )
相关问题
最新问题