I have an ec2 instance with a instance profile attached to it. This instance profile has permissions to publish messages to a sns topic. When I remote into the ec2 instance and issue a command like

aws sns publish --topic-arn topic_arn --message hello

This works.

Now I'm trying to do the same with a simple curl command and this is what I use after remoting into the ec2 instance

curl "https://sns.us-west-2.amazonaws.com/?Message=hello&Action=Publish&TargetArn=topic_arn" 

I get the following error

<Code>MissingAuthenticationToken</Code>
<Message>Request is missing Authentication Token</Message>

I was hoping that the curl would attach the instance profile details when sending the request (like when using the aws cli) but it does not seem to do so. Does anyone know how I can overcome this ?

CodePudding user response：

When you do:

curl "https://sns.us-west-2.amazonaws.com/?Message=hello&Action=Publish&TargetArn=topic_arn" 

you are directly making a request to the SNS endpoint. Which means that you have to sign your request with AWS credentials from your instance profile. If you don't want to use AWS CLI or any AWS SDK for accessing the SNS, you have to program the entire signature procedure yourself as described in the docs.

That's why, when you are using AWS CLI

aws sns publish --topic-arn topic_arn --message hello

everything works, because the AWS CLI makes a signed request to the SNS endpoint on your behalf.