Can anyone help figure out how to use AWS Signature, AWS Credentials and PHP SDK 3 to access an API Gateway API? It seems like AWS Signature does not actually attach headers to a Guzzle request.
Here is my code:
<?php
require 'vendor/autoload.php';
use AwsCredentialsCredentials;
use GuzzleHttpClient;
use GuzzleHttpPsr7Request;
use AwsSignatureSignatureV4;
$access_key = '<access_key>';
$secret_key = '<secret_key>';
$url = 'https://<api-id>.execute-api.us-east-1.amazonaws.com/v1/camel?q=*';
$region = 'us-east-1';
$credentials = new Credentials($access_key, $secret_key);
var_dump($credentials);
$client = new Client();
$request = new Request('GET', $url);
var_dump($request);
$s4 = new SignatureV4("execute-api", $region);
$s4 = new SignatureV4("execute-api", "us-east-1");
$s4->signRequest($request, $credentials);
var_dump($s4);
var_dump($request);
$response = $client->send($request);
And the error I’m getting is:
( ! ) Fatal error: Uncaught exception
'GuzzleHttpExceptionClientException' with message ' in
/path/to/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on
line 113
( ! ) GuzzleHttpExceptionClientException: Client error: `GET
https://<api-id>.execute-api.us-east-1.amazonaws.com/v1/camel?q=*`
resulted in a `403 Forbidden` response: {"message":"Missing
Authentication Token"} in
/path/to/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on
line 113
Call Stack
# Time Memory Function Location
1 0.0002 234048 {main}( ) ../access.php:0
2 0.2801 486272 GuzzleHttpClient->send( ) ../access.php:29
3 0.3787 574224 GuzzleHttpPromisePromise->wait( ) ../Client.php:106
Line 29 of access.php is:
$response = $client->send($request);
It doesn’t appear from the var_dumps that any headers are being added. I am able to successfully test this endpoint in the API Gateway and in Postman. Enabling CORS does not appear to make a difference.
Has anyone solved this issue yet?
This issue is also covered at https://forums.aws.amazon.com/post!reply.jspa?messageID=795522 and https://forums.aws.amazon.com/thread.jspa?messageID=774631&tstart=0 but there are no solutions there.
Advertisement
Answer
Thanks, Michael, for your help above.
You have to use the return from new SignatureV4, which is a modified request.
$s4 = new SignatureV4("execute-api", $region);
$signedrequest = $s4->signRequest($request, $credentials);
$response = $client->send($signedrequest);
echo $response->getBody();