Can anyone help figure out how to use AWS Signature, AWS Credentials and PHP SDK 3 to access an API Gateway API? It seems like AWS Signature does not actually attach headers to a Guzzle request.
Here is my code:
<?phprequire 'vendor/autoload.php';use AwsCredentialsCredentials;use GuzzleHttpClient;use GuzzleHttpPsr7Request;use AwsSignatureSignatureV4;$access_key = '<access_key>';$secret_key = '<secret_key>';$url = 'https://<api-id>.execute-api.us-east-1.amazonaws.com/v1/camel?q=*';$region = 'us-east-1';$credentials = new Credentials($access_key, $secret_key);var_dump($credentials);$client = new Client();$request = new Request('GET', $url);var_dump($request);$s4 = new SignatureV4("execute-api", $region);$s4 = new SignatureV4("execute-api", "us-east-1");$s4->signRequest($request, $credentials);var_dump($s4);var_dump($request);$response = $client->send($request);And the error I’m getting is:
( ! ) Fatal error: Uncaught exception 'GuzzleHttpExceptionClientException' with message ' in /path/to/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113( ! ) GuzzleHttpExceptionClientException: Client error: `GET https://<api-id>.execute-api.us-east-1.amazonaws.com/v1/camel?q=*` resulted in a `403 Forbidden` response: {"message":"Missing Authentication Token"} in /path/to/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113Call Stack# Time Memory Function Location1 0.0002 234048 {main}( ) ../access.php:02 0.2801 486272 GuzzleHttpClient->send( ) ../access.php:293 0.3787 574224 GuzzleHttpPromisePromise->wait( ) ../Client.php:106Line 29 of access.php is:
$response = $client->send($request);It doesn’t appear from the var_dumps that any headers are being added. I am able to successfully test this endpoint in the API Gateway and in Postman. Enabling CORS does not appear to make a difference.
Has anyone solved this issue yet?
This issue is also covered at https://forums.aws.amazon.com/post!reply.jspa?messageID=795522 and https://forums.aws.amazon.com/thread.jspa?messageID=774631&tstart=0 but there are no solutions there.
Advertisement
Answer
Thanks, Michael, for your help above.
You have to use the return from new SignatureV4, which is a modified request.
$s4 = new SignatureV4("execute-api", $region);$signedrequest = $s4->signRequest($request, $credentials);$response = $client->send($signedrequest);echo $response->getBody();