Verified Permissions always return 400 incorrect

[theyardstudio]

Dependencies

{:deps {com.cognitect.aws/api                 {:mvn/version "0.8.686"}
        com.cognitect.aws/endpoints           {:mvn/version "1.1.12.504"}
        com.cognitect.aws/verifiedpermissions {:mvn/version "848.2.1413.0"}}

Description with failing test case

Trying to invoke any Verified Permissions :op results in:

{:cognitect.aws.http/status 400,
 :cognitect.anomalies/category :cognitect.anomalies/incorrect}

All the operations work when running them via the AWS CLI or in a Lambda via the SDK - so the relevant accounts have all the required IAM permissions and are being passed all the necessary request parameters (at least as far as the CLI or SDK are concerned).

for example:

(-> (aws/client {:api :verifiedpermissions :region "us-east-1"})
      (aws/invoke {:op :ListPolicies
                   :request {:policyStoreId "xxxxxxxxxxxxxxxxxxxxxx"}}))

Stack traces

No further feedback is returned, just the anomaly.

[scottbale]

Thanks for the writeup. I am able to reproduce this problem.

The presence of the accept request header seems to be causing the problem in this case (source code). When I comment this line out I get a 200 response.

Unfortunately:

• as you can see, there's a comment on that line of code to the effect that at least one service we know of (apigateway) requires that request header
• I can't think of a way through aws-api public API to remove that header on a per-client basis.

We'll have to give this some thought...

[scottbale]

Related to #206