I'm trying to hit this AWS endpoint:

https://abcde12345hf.execute-api.us-east-2.amazonaws.com/dev/users

which returns:

[{
  "id": 1,
  "name": "Mike"
},{
  "id": 2,
  "name": "Brian"
}]
  • In my Angular code I'm using AWS4 library to send secretAccessKey, accessKeyId and sessionToken to authenticate the user, but I get the following error:

core.js:12501 ERROR Error: Uncaught (in promise): Error: Request failed with status code 403 Error: Request failed with status code 403

  • Does anyone know how to use AWS4 properly with Angular so I can make this simple GET call? Or does anyone know another way to make this call using those keys and token for authentication? Thanks a lot in advance!

This is how I get the keys and token (this part works great):

AWS.config.region = 'us-east-2';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'us-east-2:ehkjthf-sf23-12ds-xxxxxxxxx',
    Logins: {
        'cognito-idp.us-east-2.amazonaws.com/us-east-2_Raxxxx': this.id_token
    }
});

console.log(AWS.config.credentials);

Now, this is how I'm using those keys and token to make the GET call.

(AWS.config.credentials as AWS.Credentials).get(function(error: AWSError){
  if(error){
    console.log('Error ', error);
  }else{
  let request = {
    host: 'https://abcde12345hf.execute-api.us-east-2.amazonaws.com/dev/users',
    method: 'GET',
    url:  'https://abcde12345hf.execute-api.us-east-2.amazonaws.com/dev/users',
    path: '/users',
    headers: {
      "Content-Type":"application/json"
    },
  }

  let signedRequest = aws4.sign(request,
    {
      secretAccessKey: AWS.config.credentials.secretAccessKey,
      accessKeyId: AWS.config.credentials.accessKeyId,
      sessionToken: AWS.config.credentials.sessionToken
    });

    delete signedRequest.headers['Host']
    delete signedRequest.headers['Content-Length']

    axios(signedRequest).then((response) =>{
      console.log(response); // Output the Array Object here
    });
  }
});
Devmix
  • Why do you need a signed request for invoking API Gateway? You could invoke it like other HTTP endpoints – Aniket Chopade Mar 15 '19 at 18:01
  • @AniketChopade it's because I'm using AWS4 library in order to send secretAccessKey, accessKeyId, sessionToken and access the endpoint – Devmix Mar 15 '19 at 18:05
  • verify your secretAccessKey and AccessKeyId are correct – Harry Mar 15 '19 at 21:49
  • Hi Haris, Yes they are correct. I'm just not sure if the way I implemented my Get call is correct. – Devmix Mar 15 '19 at 21:50
  • Q: Are you using [aws-sdk](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-started-nodejs.html)? If not, why not? – paulsm4 Mar 16 '19 at 06:25
  • @paulsm4 yes I'm using aws-sdk to get the keys and token, but now I need to use those to access API Gateway and hit the endpoint and I'm not sure how – Devmix Mar 16 '19 at 13:56
  • You'll find several ideas here: [AWS Lambda function REST API end point - 403 error](https://stackoverflow.com/questions/33109122/). I think your code is probably OK; the issue is with the gateway. Please look at each of the suggestions, and please let us know what you find! – paulsm4 Mar 16 '19 at 18:57
  • @paulsm4 thanks for your input. I got it working and sharing my solution right below. Happy Coding! – Devmix Mar 20 '19 at 21:01
  • Kind of risking having secretAccessKey accessible via Angular code, don't you think? Anyone worth their salt could request your code, and decompile and find your keys... You should really have an authentication API that keeps the secret, well, secret, and you use that to authenticate against. – thenetimp Oct 08 '20 at 17:39

1 Answer

I got it working and I'll share my solution in case anyone else out there needs it!

I ended up using the http service from Angular and not axios. Here's my solution:

(AWS.config.credentials as AWS.Credentials).get((error: AWSError) => {
  if (error) {
    console.log('Error ', error);
  } else {
    let request = {
      // host is the bare hostname (no scheme, no path)
      host: 'abcdefg.execute-api.us-east-2.amazonaws.com',
      method: 'GET',
      url: `https://abcdefg.execute-api.us-east-2.amazonaws.com/dev/users`,
      // path includes the stage (/dev)
      path: '/dev/users'
    };

    let signedRequest = aws4.sign(request, {
      secretAccessKey: AWS.config.credentials.secretAccessKey,
      accessKeyId: AWS.config.credentials.accessKeyId,
      sessionToken: AWS.config.credentials.sessionToken
    });
    // The browser sets the Host header itself
    delete signedRequest.headers['Host'];
    this.http.get(signedRequest.url, signedRequest).subscribe(res => this.myObject = res);
  }
});
Devmix
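
The `host` and `path` values differ between the question's request and the answer's; this added example (not part of the original posts and not the aws4 library's code) uses a minimal SigV4 signer for a body-less GET to show that the signature covers both fields, so they must equal the host and path of the URL actually requested. The credentials, the timestamp and the `signature` and `check` helpers are constructed for illustration.

```javascript
const crypto = require('crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();
const sha256Hex = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Constructed placeholder credentials and timestamp (not real keys).
const CREDS = { secretAccessKey: 'constructed-secret', sessionToken: 'constructed-token' };
const AMZ_DATE = '20190320T210100Z';

// SigV4 signature of a body-less GET, computed from the given host and path.
function signature({ host, path }, region = 'us-east-2', service = 'execute-api') {
  const day = AMZ_DATE.slice(0, 8);
  const headers = `host:${host}\nx-amz-date:${AMZ_DATE}\n` +
    `x-amz-security-token:${CREDS.sessionToken}\n`;
  const signedHeaders = 'host;x-amz-date;x-amz-security-token';
  const canonical = ['GET', path, '', headers, signedHeaders, sha256Hex('')].join('\n');
  const scope = `${day}/${region}/${service}/aws4_request`;
  const toSign = ['AWS4-HMAC-SHA256', AMZ_DATE, scope, sha256Hex(canonical)].join('\n');
  let key = 'AWS4' + CREDS.secretAccessKey;
  for (const part of [day, region, service, 'aws4_request']) key = hmac(key, part);
  return hmac(key, toSign).toString('hex');
}

// The service verifies against the host and path of the URL actually requested,
// so the fields handed to the signer must equal those.
function check(request) {
  const u = new URL(request.url);
  const received = { host: u.host, path: u.pathname };
  return {
    mismatched: ['host', 'path'].filter((f) => request[f] !== received[f]),
    signatureMatches: signature(request) === signature(received),
  };
}

const fromQuestion = {
  host: 'https://abcde12345hf.execute-api.us-east-2.amazonaws.com/dev/users',
  url: 'https://abcde12345hf.execute-api.us-east-2.amazonaws.com/dev/users',
  path: '/users',
};
const fromAnswer = {
  host: 'abcdefg.execute-api.us-east-2.amazonaws.com',
  url: 'https://abcdefg.execute-api.us-east-2.amazonaws.com/dev/users',
  path: '/dev/users',
};

console.log(check(fromQuestion));
console.log(check(fromAnswer));
```

Running `check` on a request object before signing it shows which of `host` and `path` disagree with the URL, which is quicker than reading a bare 403.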