Sending AWS EC2 RestAPI using Postman returns error

1
votes

I am trying to send a EC2 RestAPI (DescribeInstances) using Postman application. I created a user in IAM in AWS. I generated a AccessKeyId and SecretKey for that particular user, and gave the user "AmazonEC2FullAccess" policy (all EC2 access). I used the following steps in Postman to send the ResAPI:

  • "Get" operation, set End Point to https://ec2.amazonaws.com/?Action=DescribeInstances

  • In the "Authorization" Tab, selected "AWS Signature" and set the following fields:

    • AccessKey = ACCESSKEYEXAMPLE
    • SecretKey = SECRETKEYEXAMPLE
    • AWS Region = us-west-1
    • Service Name = ec2

  • Click on "Update Request", which ends up generating 3 Headers. I used the info from the generated Headers to modify the endpoint as follows:

https://ec2.amazonaws.com/?Action=DescribeInstances&Version=2016-11-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ACCESSKEYEXAMPLE/20170913/us-west-1/ec2/aws4_request&X-Amz-Date=20170913T013055Z&X-Amz-SignedHeaders=content-type&X-Amz-Signature=amzsignaturesamplegenerated

  • "Content-Type" header is set to "application/x-www-form-urlencoded", and deleted X-Amz-Date and Authorization headers.

When I sent the RestAPI by clicking on "Send", I get the following error response: Status : "401 Unauthorized" AuthFailureAWS was not able to validate the provided access credentials4bc49d04-2115-4b95-8af5-5ac879ac5df3

The error seems to suggest a malformed RestAPI as opposed to an unauthorized access. Tried different variations, very confused. Any help would be highly appreciated.

Thank you, Ahmed.

2
restamazon-web-servicesamazon-ec2postman
ec2.amazonaws.com is not the endpoint for us-west-1. The correct hostname is ec2.us-west-1.amazonaws.com.Michael - sqlbot
Changing just the endpoint did not help, same error message. However, changing the endpoint as you suggested and putting the auth credentials as a Header parameter got the API to work (docs.aws.amazon.com/general/latest/gr/…). Any idea why putting the auth credential as a query fails? Thank you again.Ahmed A
It's difficult to be certain, but your description makes it sound like you tinkered with the request after generating the URL. For a GET request, the browser would not normally set a Content-Type header, as it would with a POST.Michael - sqlbot

2 Answers

4
votes

I just found the solution to the same issue. Your URL should be:

https://ec2.us-west-1.amazonaws.com/?Action=DescribeInstances&Version=2016-11-15

It didn't work until I added &Version=2016-11-15 and the region.

This AWS Documentation page says that Version is mandatory

0
votes

Just to complement @chriscatfr answer, here is a screenshot how to set postman parameters to query for instances in us-east-1 region:

enter image description here