0
votes

I have an HTTP endpoint - A.

We can call this endpoint via another http-endpoint-B.

So B-->A

We are using AWS API Gateway to do the above. Now, A is AWS_IAM protected, and B has no protection. So A requires x-amz-security-token, AccessKey, SecretKey, X-Amz-Date, Authorization. I used API Gateway's API Resource feature (Method Request and Integration Request) to do the appropriate mapping.


I tried various other ways, but in the end I am getting the following error:

{ "message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method......" }

May I know what I am missing here? I have already looked at the documentation and several other references but didn't find anything appropriate.

1
"Now - A is AWS_IAM Protected, ... So A require x-amz-security-token, AccessKey,SecretKey" What? There is no AWS service that requires you to pass your secret key with a request. It is a secret key. – Michael - sqlbot

@Michael-sqlbot I am using Amazon Cognito (written lambda/auth code around it), that returns the temporary credentials (x-amz-security-token, AccessKey, SecretKey) to access the intended resources. – Sumit Arora

Ah, yes that does make more sense. – Michael - sqlbot

1 Answer

0
votes

The error you are getting indicates that endpoint A is expecting the request to be signed with SigV4. Currently, API Gateway will only sign the request to the backend integration endpoint when using the "AWS Service Proxy" integration type. This is hidden by default. When setting up the method, under "Integration Type" click on "Show Advanced". That makes "AWS Service Proxy" visible. When you select it, the integration fields change to a new set that is relevant for calling AWS services. An example of using the AWS Service Proxy can be found here.

Note that API Gateway does not currently support calling all AWS services. More specifically, it does not support calling other API Gateway APIs as integration endpoints. So, if endpoint A is another API Gateway API, then this won't work. If you need to call an AWS service that API Gateway does not currently support, then you can work around this by creating a Lambda function to call your endpoint and call the Lambda function from API Gateway.