I'm deploying CSR 1000v on an EC2 instance in AWS.

This is my Python code for authentication in order to use RESTCONF, which is already enabled in the router.

```python
import requests
import pprint
from aws_requests_auth.aws_auth import AWSRequestsAuth

def get_json(interface):

    authaws = AWSRequestsAuth(aws_access_key='AWS_ACCESS_KEY',
                       aws_secret_access_key='AWS_SECRET_ACCESS_KEY',
                       aws_host='ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com',
                       aws_region='us-west-2',
                       aws_service='compute')

    source = 'https://ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com/restconf/data/'
    module = 'ietf-interfaces:'
    container = 'interfaces'
    leaf = '/interface=' + interface
    options = ''

    url = source + module + container + leaf + options
    headers = {'Content-type': 'application/yang-data+json', 'Accept': 'application/yang-data+json'}

    r = requests.get(url, auth=authaws, headers=headers, verify=False)

    return r.json()

if __name__ == '__main__':

    interface = 'GigabitEthernet1'

    pprint.pprint(get_json(interface))
```

Here is what I got after execution.

```
server@zsz:~/shared_files$ python get_one_interface.py 
/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
{u'errors': {u'error': [{u'error-tag': u'access-denied',
                         u'error-type': u'protocol'}]}}
```

Obviously, the authentication cannot be done. For aws_access_key and aws_secret_access_key, I got them from the IAM console. I even generated new ones, but it still does not work.

Khalil Mebarkia
  • The first problem seems to be SSL certificate verification-related, so you should investigate that. Cert verification is obviously an important function in secure communications to prevent MITM attacks. Related: https://stackoverflow.com/questions/27981545/suppress-insecurerequestwarning-unverified-https-request-is-being-made-in-pytho – jarmod Jan 30 '19 at 14:42
  • @jarmod the SSL certificate verification-related issue has been solved. However, the error still remains. `{u'errors': {u'error': [{u'error-tag': u'access-denied', u'error-type': u'protocol'}]}}` – Khalil Mebarkia Jan 30 '19 at 15:00
  • I’m not familiar with restconf but are you sure that AWS credentials are actually valid here? They are credentials for authenticating against AWS services. – jarmod Jan 30 '19 at 15:11
  • @jarmod well, HTTP(S) traffic is allowed. Otherwise, I don't know how to check credentials for authenticating. I think it is the main problem here. – Khalil Mebarkia Jan 30 '19 at 15:24
  • I think it would be good to understand more about interacting with netconf and the authentication requirements of the netconf server you have installed on your EC2 instance. You may need to use manager from the ncclient package, connect to the netconf manager using nc-specific authentication, and then retrieve capabilities from there. See https://pypi.org/project/ncclient/ – jarmod Jan 30 '19 at 17:13

1 Answer

I have managed to find the solution.

In the router:

(config)#user any-user-name privilege 15 secret supersecretpassword

Then, it worked! Thanks to anyone who tried to help :)

Khalil Mebarkia
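
The fix in the answer works because RESTCONF on the router authenticates router accounts, not AWS IAM keys. As an added example (not part of the original post; Python 3, standard library only), here is the question's request rebuilt to send a router user's credentials and to keep certificate verification on. The use of HTTP Basic is an assumption about how the router checks the account, and the function names and `ROUTER_*` environment variables are hypothetical.

```python
import base64
import json
import os
import ssl
import urllib.error
import urllib.parse
import urllib.request


def build_request(host, interface, username, password):
    """RESTCONF GET for one interface, authenticated as a router user."""
    # RFC 8040 list keys are percent-encoded: "/" in a name becomes %2F.
    key = urllib.parse.quote(interface, safe="")
    url = "https://%s/restconf/data/ietf-interfaces:interfaces/interface=%s" % (host, key)
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    # Assumption: the router checks HTTP Basic credentials of a local user.
    return urllib.request.Request(url, headers={
        "Accept": "application/yang-data+json",
        "Authorization": "Basic " + token,
    })


def restconf_error_tags(body):
    """error-tag values from a RESTCONF error body, [] if it is not one."""
    try:
        doc = json.loads(body)
        errs = doc.get("errors") or doc.get("ietf-restconf:errors") or {}
        return [e.get("error-tag") for e in errs.get("error", [])]
    except (ValueError, AttributeError):
        return []


def get_interface(host, interface, username, password, cafile=None):
    """Fetch the interface with certificate verification left on."""
    # cafile: PEM of the CA (or self-signed cert) the router presents.
    ctx = ssl.create_default_context(cafile=cafile)
    req = build_request(host, interface, username, password)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as exc:
        tags = restconf_error_tags(exc.read())
        raise RuntimeError("RESTCONF HTTP %d: %s" % (exc.code, tags or exc.reason))


if __name__ == "__main__":
    # Hypothetical environment variable names; keep the secret out of the source.
    print(get_interface(os.environ["ROUTER_HOST"], "GigabitEthernet1",
                        os.environ["ROUTER_USER"], os.environ["ROUTER_PASS"],
                        os.environ.get("ROUTER_CA")))
```

An `access-denied` tag in the raised error points at the router account or its privilege level, not at the AWS security group or IAM.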