我创建了一个步骤函数,我试图使用HTTP请求调用它。我正在使用Postman生成授权签名,但我收到403:禁止响应。
<InvalidSignatureException>
<Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
I am invoking https://states.ap-northeast-1.amazonaws.com and getting back the reponse
The Canonical String for this request should have been
'POST
/
content-length:116
content-type:application/x-www-form-urlencoded
host:states.ap-northeast-1.amazonaws.com
x-amz-date:20170125T183745Z
content-length;content-type;host;x-amz-date
488183a388ce9b63833585129e71399296c8aa0ce4108b8f90d9616c43969a97'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20170125T183745Z
20170125/ap-northeast-1/states/aws4_request
fb2e325f309bf455dddbc0cd389523a9aa2410523393c9dc3890dac6e93e923c'
</Message>
</InvalidSignatureException>
似乎我没有调用step函数的权限。但是在策略文件中,我已授予用户对给定角色的访问权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::7640*******:user/*****",
"Service": "states.ap-northeast-1.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
请帮我设置一下?
答案 0 :(得分:0)
您在政策中有sts:AssumeRole声明,但您没有致电sts API,是吗?您调用states API,但政策中没有相应的声明。
删除sts:AssumeRole声明。
添加以下声明。
Effect: Allow
Action: states:StartExecution
Resource: ARN of your state machine
答案 1 :(得分:0)
似乎aws身份验证在postman中不起作用: https://github.com/postmanlabs/postman-app-support/issues/3232