c# - Unable to access AWS using a Facebook AssumeRoleWithWebIdentity credentials -

-

short version

logged in facebook user, use oauth token assume iam role on aws. returns looks valid credentials, e.g. there accesskeyid, secretaccesskey similar length our master keys.

when try use these credentials access dynamodb table, 1 of 2 exceptions:

  1. "the remote server returned error: (400) bad request."; or
  2. "the security token included in request invalid.".

i'm using aws c# sdk version 1.5.25.0

long version

as said above, i'm trying access dynamodb table on aws using credentials supplied amazonsecuritytokenserviceclient authorized facebook identity described in this aws guide.

the policy iam role i've created is:

{   "version": "2012-10-17",   "statement": [     {       "action": [         "dynamodb:batchgetitem",         "dynamodb:putitem",         "dynamodb:query",         "dynamodb:scan",         "dynamodb:updateitem"       ],       "sid": "stmt1372350145000",       "resource": [         "*"       ],       "effect": "allow"     }   ] }

how credentials:

  1. the user logs in facebook using oauth.
  2. using access token, assume iam role using amazonsecuritytokenserviceclient.assumerolewithwebidentity request.

  3. this returns looks valid credentials, e.g. accesskeyid, secretaccesskey similar length our master keys.

    using (var tokenserviceclient = new amazonsecuritytokenserviceclient(regionendpoint.useast1)) {     var request = new assumerolewithwebidentityrequest     {         durationseconds = (int)timespan.fromhours(1).totalseconds,         providerid = "graph.facebook.com",         rolearn = "arn:aws:iam::193557284355:role/facebook-oauth",         rolesessionname = result.id,         webidentitytoken = fbclient.accesstoken     };      var response = tokenserviceclient.assumerolewithwebidentity(request);      awsassumedroleuser = response.assumerolewithwebidentityresult.assumedroleuser;     awscredentials = response.assumerolewithwebidentityresult.credentials; }

how use these credentials:

using returned credentials, try access aws dynamodb resource.

using (var client = new amazondynamodbclient(awscredentials.accesskeyid, awscredentials.secretaccesskey, awscredentials.sessiontoken, regionendpoint.useast1)) {     var context = new dynamodbcontext(client);     var data = context.scan<somedata>();     }

this returns "the remote server returned error: (400) bad request." when trying scan table.

this variation in exception message is; if omit awscredentials.sessiontoken above amazondynamodbclient

using (var client = new amazondynamodbclient(awscredentials.accesskeyid, awscredentials.secretaccesskey, regionendpoint.useast1)) {     var context = new dynamodbcontext(client);     var data = context.scan<somedata>(); }

this returns "the security token included in request invalid." when trying scan table.

question

at point cannot tell wrong, credentials invalid or i'm not passing through needed aws.

can offer insight wrong or how debug further?

i cross-posted question aws forums , received answer amazon engineer.

https://forums.aws.amazon.com/message.jspa?messageid=465057

dynamodbcontext object invokes describetable on target table (and caches data, optimal performance want keep context object around long possible, call done once per target table). modify policy follows:

{   "version": "2012-10-17",   "statement": [     {       "action": [         "dynamodb:batchgetitem",         "dynamodb:putitem",         "dynamodb:query",         "dynamodb:scan",         "dynamodb:updateitem",         "dynamodb:describetable"               ],       "sid": "stmt1372350145000",       "resource": [         "*"       ],       "effect": "allow"     }   ] }

Comments

Post a Comment

Popular posts from this blog

compilation - PHP install fails on Ubuntu 14 (make: *** [sapi/cli/php] Error 1) PHP 5.6.20 -

-
i using following configuration: ./configure --with-libdir=lib --with-config-file-path=/etc/ --with-config-file-scan-dir=/etc/php5/mods-available --with-pear --enable-cli --enable-intl --with-icu-dir=/opt/icu4c --enable-bcmath --disable-cgi --enable-fpm --with-zlib --with-openssl --with-kerberos --with-bz2 --with-curl --enable-ftp --enable-zip --enable-exif --with-gd --with-jpeg-dir=/usr/lib64 --with-freetype-dir=/usr/lib64 --enable-gd-native-ttf --with-gettext --with-gmp --with-mhash --with-iconv --with-imap --with-mysql --with-imap-ssl --enable-sockets --enable-soap --with-xmlrpc --with-mcrypt --enable-mbstring --enable-embedded-mysqli --with-mysqli=mysqlnd --with-mysql-sock --with-sqlite3 --with-pdo-mysql --with-pdo-mysql=mysqlnd --with-pdo-sqlite --enable-phar --enable-pcntl and make fails after sometime giving following error: collect2: error: ld returned 1 exit status make: *** [sapi/cli/php] error 1 i searched , docs tell using make clean, did not , ‘-lresolve’ in ma...
Read more

php - Passing multiple values in a url using checkbox -

-
Image
i know may answered not able find related this. here thing struggling :- i have 2 value passing in check box :- <input name='class[]' type='checkbox' class='checkbox' value='".$x_value['type1'].":".$x_value['type2']."'> on running :- <input name="class[]" type="checkbox" class="checkbox" value="2681:14175"> so want how can pass these value separated ":" in url. something :- http://domainname.com/approve.php?type1=2681&type2=14175 purpose :- actually getting value api response curl , generating multiple checkboxes. each checkbox contains 2 value separated ":". now want run separate api in different file values url. update : below complete code :- <?php foreach($apiresponse['response']['data'] $x =>$x_value) { foreach($x_value $x => $x_value) { echo "...
Read more

java - nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet Hibernate+SpringMVC -

-
i trying fetch records database , having above error this classs appropriate getters , setters public class user { private int id; private string username; private string password; private string email; i have create database , inserted data below configuration <bean id="datasource" class="org.apache.commons.dbcp2.basicdatasource" destroy-method="close"> <property name="driverclassname" value="com.mysql.jdbc.driver"/> <property name="url" value="jdbc:mysql://localhost:3306/usersdb"/> <property name="username" value="root"/> <property name="password" value=""/> </bean> this complete stacktrace severe: servlet.service() servlet [appservlet] in context path [/spring] threw exception [request processing failed; nested exception org.hibernate.exception.sqlgrammarexception: not ...
Read more