aws authentication errors

[kevinlisota]

This is being reported in the support forum as well. Upon initial setup, I am unable to authenticate with the Access Key and Secret Access Key. I've used both the root key from my account and an User key with full access. Both throw the same error "There was an error authenticating."

I am having a hard time diagnosing the error, as nothing shows up in the logs. Does this plugin not work with the new AWS authentication API?

[kevinlangleyjr]

Sorry you're running into issues here. We have not run into these issues before. By "new AWS authentication API", do you mean the IAM users functionality? http://aws.amazon.com/iam/

[kevinlisota]

Sorry, I think I was imprecise with the error. The problem I am having is not authentication, rather it is the difference between the 2011-02-01 API and the newer 2013-01-01 API. It appears that your plugin tries to create a 2011-02-01 version of the search domain, but AWS may want the 2013-01-01 version for fresh installs.

http://docs.aws.amazon.com/cloudsearch/latest/developerguide/migrating.html

This is being reported by others on the WP support forums. I did change the Cloud_Config_Request version in cloud-config-api.php, and that allowed the search domain creation, but worry that the plugin isn't built to use that version of the API.

http://wordpress.org/support/topic/there-was-an-error-authenticating-please-check-your-access-key-id-and-secret-ac-1

[richarvey]

I can confirm this bug. I also believe that if you don't have a pre-existing search domain set up before 2013 it fails. This is down to the API versions.

Also to save you some programming you could consider using the auth methods from:

https://wordpress.org/plugins/amazon-web-services/

Not a requirement but might help.

[richarvey]

I have a patch will make a pull request in a second.

[kevinlangleyjr]

Hey guys,

Just wanted to let you know this is being addressed in #75 and should be merged in shortly!

[alexjs]

Hi @kevinlangleyjr - just wanted to check, does #75 (or this ticket) cover authentication of the document submissions themselves?

Looking at result of using the plugin in master now, it looks like the plugin isn't signing the submission POST, e.g.:

POST /2013-01-01/documents/batch HTTP/1.0
[...]
Content-Type: application/json
Accept: application/json
Accept-Encoding: deflate;q=1.0, compress;q=0.5
Content-Length: 31015
[{"type":"add","id":"1_1_6","version":1420421033,"lang":"en","fields":{"id":6,"blog_id":1,"site_id":1,"post_title":[...]

--
HTTP/1.1 403 Forbidden
Content-Type: application/json
x-amzn-RequestId: 82d15cd7-9479-11e4-8545-0bc917ea514f
Content-Length: 402
Connection: Close
{"__type":"#AccessDenied","errors":[{"message":"[*Deprecated*: Use the outer message field] User: anonymous is not authorized to perform: cloudsearch:document on resource: arn:aws:cloudsearch:eu-west-1:[...]:domain/[...]"}],"message":"User: anonymous is not authorized to perform: cloudsearch:document on resource: arn:aws:cloudsearch:eu-west-1:[...]:domain/[...]","status":"error"}

Which I think means the only way to submit data would be to allow all submissions?