I have an ec2 instance with a instance profile attached to it. This instance profile has permissions to publish messages to a sns topic. When I remote into the ec2 instance and issue a command like
aws sns publish --topic-arn topic_arn --message hello
This works.
Now I'm trying to do the same with a simple curl command and this is what I use after remoting into the ec2 instance
curl "https://sns.us-west-2.amazonaws.com/?Message=hello&Action=Publish&TargetArn=topic_arn"
I get the following error
<Code>MissingAuthenticationToken</Code>
<Message>Request is missing Authentication Token</Message>
I was hoping that the curl would attach the instance profile details when sending the request (like when using the aws cli) but it does not seem to do so. Does anyone know how I can overcome this ?
CodePudding user response:
When you do:
curl "https://sns.us-west-2.amazonaws.com/?Message=hello&Action=Publish&TargetArn=topic_arn"
you are directly making a request to the SNS endpoint. Which means that you have to sign your request with AWS credentials from your instance profile. If you don't want to use AWS CLI or any AWS SDK for accessing the SNS, you have to program the entire signature procedure yourself as described in the docs.
That's why, when you are using AWS CLI
aws sns publish --topic-arn topic_arn --message hello
everything works, because the AWS CLI makes a signed request to the SNS endpoint on your behalf.