Question 172038 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

API Can curl & “–aws-sigv4” be used to call AWS IAM get user API on Amazon Web Services?

I am trying to get right request to get a user, but cannot:

AWS CLI that works:

aws iam get-user --user-name "${user_name}"

Now, plain curl request

api_addr=https://iam.amazonaws.com &&
curl --aws-sigv4 "aws:amz:${region}:iam" --user "${aws_key}":"${aws_secret}"  "${api_addr}/?Action=GetUser&UserName=${user_name}&Version=2010-05-08"

Getting a response:

<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
  <Error>
    <Type>Sender</Type>
    <Code>SignatureDoesNotMatch</Code>
    <Message>Credential should be scoped to a valid region. </Message>
  </Error>
  <RequestId>b21979ce-4d16-4e43-a592-227dc6d2a249</RequestId>
</ErrorResponse>

What is the correct call? I presume, IAM is a global region. I’ve tried my specific region as well as "global" or omitting it.

Curl should suffice:

curl --version
curl 7.87.0 (x86_64-apple-darwin22.0) libcurl/7.87.0 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.51.0
Release-Date: 2022-12-21

Curl, –aws-sig4

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I've ended up with the following canonical snippet:

    api_url="https://iam.amazonaws.com/" &&
default_region="us-east-1" &&
api_version="2010-05-08" &&
curl --aws-sigv4 "aws:amz:${default_region}:iam" --user "${aws_key}:${aws_secret}" 
  --data-urlencode "UserName=${user_name}" 
  --data "Action=GetUser" 
  --data "Version=${api_version}" 
  "${api_url}"

    It is based on Arpit's answer. While, I had another small issue due to weird user name, needed to be url-encoded, so I feel it is worth posting


  2. 0

    Okay, I was able to make it work, Looks like the default region is being used in calls to IAM which accepts only us-east-1.

    Request:-

    curl --aws-sigv4 "aws:amz:us-east-1:iam" --user "AWS_KEY":"AWS_SECRET_XXX"  "https://iam.amazonaws.com/?Action=GetUser&UserName=Dev-arpit&Version=2010-05-08"

    Response:-

    <GetUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
  <GetUserResult>
    <User>
      <Path>/</Path>
      <UserName>Dev-arpit</UserName>
      <Arn>arn:aws:iam::XXXXX:user/Dev-arpit</Arn>
      <UserId>XXXX</UserId>
      <CreateDate>2023-05-19T04:26:17Z</CreateDate>
    </User>
  </GetUserResult>
  <ResponseMetadata>
    <RequestId>03ca9843-d003-4ca1-8d22-0c99a43cc78b</RequestId>
  </ResponseMetadata>
</GetUserResponse>

    Hope it helps!

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search