DinoChiesa / Apigee-Java-AWSV4-Signature


Receiving 403 on Connecting to AWS SQS #2

Open bavejam opened 5 months ago

bavejam commented 5 months ago

I have an Assign Message policy, and I am getting a 403 on sending a message to SQS.


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="AM-SetMessgae">
  <AssignTo createNew="true" type="request">outgoingAwsMessage</AssignTo>
  <Set>
    <Verb>POST</Verb>
    <Path>/969964885399/metric-api-poc</Path>
    <Payload contentType="application/x-www-form-urlencoded">
      <![CDATA[
        Action=SendMessage&MessageBody={request.content}
      ]]>
    </Payload>
  </Set>
</AssignMessage>

I have verified that I am passing the correct key and secret; however, the signature is not getting verified and I am receiving a 403 from the library.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JavaCallout continueOnError="false" enabled="true" name="Java-SendSQS">
  <DisplayName>Java-SendSQS</DisplayName>
  <Properties>
    <Property name="debug">true</Property>
    <Property name="service">sqs</Property>
    <Property name="endpoint">https://sqs.us-east-1.amazonaws.com</Property>
    <Property name="region">us-east-1</Property>
    <Property name="key">***</Property>
    <Property name="secret">***</Property>
    <Property name="source">outgoingAwsMessage</Property>
  </Properties>
  <ClassName>com.google.apigee.callouts.AWSV4Signature</ClassName>
  <ResourceURL>java://apigee-callout-awsv4sig-20230705.jar</ResourceURL>
</JavaCallout>

DinoChiesa commented 5 months ago

I don't have any good ideas here, other than to suggest that you follow the troubleshooting steps suggested by AWS here.

From my Google search, I learned that in some cases keys with "special characters" can lead to this error, and regenerating keys can avoid it. The "debug" property in the callout will show you the values of interim results in computing the signature and may help diagnose the problem - whether it is an incorrect canonical string, etc.

Debugging signature mismatch errors requires close examination of all of the factors and assumptions. Take your time and you should be able to work through it. If your efforts show that the 403 is due to a problem in this callout, I'll be glad to fix it. But since you have not submitted evidence of that, I cannot investigate further.
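
An added example, not part of the thread and not the callout's own code: an independent Python computation of the SigV4 interim values (canonical request, string to sign, signature) for the request in this issue, to compare line by line with what the callout's `debug` property emits. The secret, timestamp, message body and the set of signed headers are constructed assumptions; only the host, region, service and path come from the issue.

```python
import hashlib
import hmac
from urllib.parse import quote

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sigv4_interim(secret, amz_date, region, service, path, headers, body):
    """Interim SigV4 values for a POST with no query string.

    headers: the headers to sign. Which ones the callout signs is an assumption
    here; check the SignedHeaders line in its debug output.
    """
    date = amz_date[:8]
    # Lowercase names, trim values and collapse runs of whitespace.
    hdrs = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    names = sorted(hdrs)
    canonical_request = "\n".join([
        "POST",
        quote(path, safe="/~"),   # non-S3 services: encode the sent path once more
        "",                       # empty canonical query string
        "".join(f"{n}:{hdrs[n]}\n" for n in names),
        ";".join(names),
        sha256_hex(body),         # hash of the exact bytes that go on the wire
    ])
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope, sha256_hex(canonical_request.encode())])
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return {"canonical_request": canonical_request, "scope": scope,
            "string_to_sign": string_to_sign, "signature": signature}

# Constructed sample values (not real credentials or a real timestamp).
SECRET = "constructed-example-secret"
AMZ_DATE = "20240101T000000Z"
HEADERS = {"Host": "sqs.us-east-1.amazonaws.com",
           "Content-Type": "application/x-www-form-urlencoded",
           "X-Amz-Date": AMZ_DATE}
PATH = "/969964885399/metric-api-poc"

def compare(body_a: bytes, body_b: bytes):
    """Sign two candidate payloads with otherwise identical inputs."""
    return tuple(sigv4_interim(SECRET, AMZ_DATE, "us-east-1", "sqs", PATH, HEADERS, b)
                 for b in (body_a, body_b))

if __name__ == "__main__":
    a, b = compare(b"Action=SendMessage&MessageBody=hello",
                   b"\n  Action=SendMessage&MessageBody=hello\n")
    print(a["canonical_request"], a["signature"], b["signature"], sep="\n\n")
```

The second payload is a constructed variant with surrounding whitespace: any byte difference between the payload that was hashed and the payload that was sent yields a different signature.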