有人使用 cUrl 来管理 AWS (EC2) REST API 吗?在这里,我选择了最简单的调用,列出了正在运行的实例。我是否遗漏了某些内容,或者我是否明显表现出对正确 cUrl 用法的无知?我拥有的唯一真正的线索是 2014 年的这篇post,除了分散的 AWS 文档之外,这些文档没有显示实际的完整示例。 (我确实意识到有 SDK)。我需要一位卷曲专家……我想,还有一个人可以帮助我克服 AWS 技术作家过度使用“规范”一词的问题。
重击:
amz_access_key_ID="????"
amz_ec2_secret="????"
amz_host=ec2.amazonaws.com
amz_date8=`date -u "+%Y%m%d"`
amz_date_http=`date -uR`
amz_date_rfc8601=`date -u "+%Y%m%dT%H%M%SZ"`
amz_content_type="application/json"
amz_credential="${amz_access_key_ID}/${amz_date8}/us-west-2/ec2/aws4_request"
amz_signed_headers="${amz_host};${amz_date_rfc8601};${amz_content_type}"
amz_signature=`echo -en ${amz_signed_headers} | openssl sha256 -hmac ${amz_ec2_secret} -binary | base64`
params="Action:DescribeInstances;Version:2016-11-15;X-Amz-Algorithm:AWS4-HMAC-SHA256;X-Amz-Credential:${amz_credential};X-Amz-Date:${amz_date_rfc8601};X-Amz-SignedHeaders:${amz_signed_headers};X-Amz-Signature:${amz_signature}"
curl -X POST -H "Content-Type:${amz_content_type}" -H "Date:${amz_date_http}" -H "Host:${amz_host}" -F "${params}" http://ec2.amazonaws.com/
亚马逊结果:
<!doctype html><html...HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Encountered an Internal Error</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><hr class="line" /></body>
curl
中实现。您至少错过了看起来像这样的规范请求(来自docs的示例):
GET
/
Action=ListUsers&Version=2010-05-08
content-type:application/x-www-form-urlencoded; charset=utf-8
host:iam.amazonaws.com
x-amz-date:20150830T123600Z
content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
我最近在 https://github.com/sengaya/aws-micro-cli 启动了一个小项目,它实现了 s3
和
sts
的一些基本 API 调用。虽然此时它不支持
ec2
,但您可以查看代码或运行类似的代码来获取最终的
curl
输出以及制作请求的步骤:
AWS_ACCESS_KEY_ID=foo AWS_SECRET_ACCESS_KEY=bar aws-micro s3 ls
完整调试输出:
s3://some-bucket --debug --dryrun
DEBUG - get_bucket_from_s3url: some-bucket
DEBUG - get_key_from_s3url:
DEBUG - create_request_url: https://some-bucket.s3.amazonaws.com/
DEBUG - get_host_from_request_url: some-bucket.s3.amazonaws.com
DEBUG - array_sort: host:some-bucket.s3.amazonaws.com
x-amz-content-sha256:123456789123456789123456789
x-amz-date:20201007T155300Z
DEBUG - array_sort: host
x-amz-content-sha256
x-amz-date
DEBUG - create_canonical_and_signed_headers: host:some-bucket.s3.amazonaws.com
x-amz-content-sha256:123456789123456789123456789
x-amz-date:20201007T155300Z
host;x-amz-content-sha256;x-amz-date
DEBUG - get_canonical_uri: /
DEBUG - create_canonical_request: GET
/
host:some-bucket.s3.amazonaws.com
x-amz-content-sha256:123456789123456789123456789
x-amz-date:20201007T155300Z
host;x-amz-content-sha256;x-amz-date
123456789123456789123456789
DEBUG - sha256: 123456789123456789123456789
DEBUG - create_string_to_sign: AWS4-HMAC-SHA256
20201007T155300Z
20201007//s3/aws4_request
123456789123456789123456789
DEBUG - create_authorization_header: AWS4-HMAC-SHA256 Credential=foo/20201007//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=123456789123456789123456789
curl -v --fail https://some-bucket.s3.amazonaws.com/ -H Authorization: AWS4-HMAC-SHA256 Credential=foo/20201007//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=123456789123456789123456789 -H x-amz-content-sha256:123456789123456789123456789 -H x-amz-date:20201007T155300Z