I am trying to get right request to get a user, but cannot:
AWS CLI that works:
aws iam get-user --user-name "${user_name}"
Now, plain curl
request
api_addr=https://iam.amazonaws.com &&
curl --aws-sigv4 "aws:amz:${region}:iam" --user "${aws_key}":"${aws_secret}" "${api_addr}/?Action=GetUser&UserName=${user_name}&Version=2010-05-08"
Getting a response:
<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid region. </Message>
</Error>
<RequestId>b21979ce-4d16-4e43-a592-227dc6d2a249</RequestId>
</ErrorResponse>
What is the correct call? I presume, IAM is a global region. I’ve tried my specific region as well as "global" or omitting it.
Curl should suffice:
curl --version
curl 7.87.0 (x86_64-apple-darwin22.0) libcurl/7.87.0 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.51.0
Release-Date: 2022-12-21
2
Answers
I've ended up with the following canonical snippet:
It is based on Arpit's answer. While, I had another small issue due to weird user name, needed to be url-encoded, so I feel it is worth posting
Okay, I was able to make it work, Looks like the default region is being used in calls to IAM which accepts only us-east-1.
Request:-
Response:-
Hope it helps!