javascript - 在 java 脚本中调用 AWS REST API

Question

我正在尝试使用 nodejs (aws-sdk) 执行 AWS Endpoint。首先，我能够为有权执行 API 的服务帐户生成 session token 。

var AWS = require('aws-sdk');
AWS.config.update({ "accessKeyId": "<>", "secretAccessKey": "<>", "region": "us-west" });
var sts = new AWS.STS();
var response = {};
sts.assumeRole({
    RoleArn: 'arn:aws:iam::170000000000:role/service-account',
    RoleSessionName: 'AssumtaseRole'
}, function(err, data) {
    if (err) { // an error occurred
        var error = {}
        response.message = err.originalError.message,
            response.errno = err.originalError.errno,
            response.code = 404;
        console.log(response);
    } else { // successful response
        response.code = 200,
            response.accesskey = data.Credentials.AccessKeyId,
            response.secretkey = data.Credentials.SecretAccessKey,
            response.sessiontoken = data.Credentials.SessionToken,
            console.log(response);
    }
});

现在我正在尝试使用上述 session token 执行端点。如果使用 postman 测试 session token ，我可以执行 API 但不确定如何使用 (aws-sdk) 或 ('aws-api-gateway-client')

我尝试使用简单的 HTTPS 请求执行但出现错误:这是代码:

var AWS = require('aws-sdk');
var apigClientFactory = require('aws-api-gateway-client').default;

AWS.config.update({ "accessKeyId": "<>", "secretAccessKey": "<>", "region": "us-west" });

var sts = new AWS.STS();
var response = {};
sts.assumeRole({
    RoleArn: 'arn:aws:iam::170000000000:role/service_account',
    RoleSessionName: 'AssumtaseRole'
}, function(err, data) {
    if (err) { // an error occurred
        var error = {}
        response.message = err.originalError.message,
            response.errno = err.originalError.errno,
            response.code = 404;
        console.log(response);
    } else { // successful response
        response.code = 200,
            response.accesskey = data.Credentials.AccessKeyId,
            response.secretkey = data.Credentials.SecretAccessKey,
            response.sessiontoken = data.Credentials.SessionToken,
            console.log(response);
        var apigClient = apigClientFactory.newClient({
            invokeUrl: "https://some-endpoint.com", // REQUIRED
            accessKey: data.Credentials.AccessKeyId, // REQUIRED
            secretKey: data.Credentials.SecretAccessKey, // REQUIRED
            sessiontoken: data.Credentials.SessionToken,
            region: "us-west", // REQUIRED: The region where the AapiKeyloyed.
            retries: 4,
            retryCondition: (err) => { // OPTIONAL: Callback to further control if request should be retried.  Uses axon-retry plugin.
                return err.response && err.response.status === 500;

            }
        });

        var pathParams = "";
        var pathTemplate = "/agent/registration"; // '/api/v1/sites'
        var method = "post"; // 'POST';
        var additionalParams = ""; //queryParams & Headers if any

        var body = {
            "agent_number": "1200",
            "agent_name": "Test"
        };

        apigClient.invokeApi(pathParams, pathTemplate, method, additionalParams, body)
            .then(function(result) {
                console.log(result)

            }).catch(function(error) {
                console.log(error)

            });
        // console.log(output);

    }
});

这里是错误:

     data:
      { message: 'The security token included in the request is invalid.' } } }

提前致谢。

谢谢你，基兰

Answer 1

请将sessiontoken更改为sessionToken。这将解决您的问题。我已经在我的机器上测试了代码。

当我使用 sessiontoken 进行测试时，我还收到错误消息 The security token included in the request is invalid.。当我将它更改为正确的 key sessionToken 时，它起作用了。

这里是简化的代码。当我测试时，我硬编码了 accessKey、secretKey 和 sessionToken。

var apigClientFactory = require('aws-api-gateway-client').default;
var apigClient = apigClientFactory.newClient({
    invokeUrl:'https://api-url.com', // REQUIRED
    accessKey: '', // REQUIRED
    secretKey: '', // REQUIRED
    sessionToken: '', //OPTIONAL: If you are using temporary credentials you must include the session token
    region: 'ap-southeast-2', // REQUIRED: The region where the API is deployed.
    systemClockOffset: 0, // OPTIONAL: An offset value in milliseconds to apply to signing time
    retries: 4, // OPTIONAL: Number of times to retry before failing. Uses axon-retry plugin.
    retryCondition: (err) => { // OPTIONAL: Callback to further control if request should be retried.  Uses axon-retry plugin.
      return err.response && err.response.status === 500;
    }
});


(() => {
  apigClient.invokeApi(null, `/hello`, 'GET')
  .then(function(result){
    console.log('result: ', result)
      //This is where you would put a success callback
  }).catch( function(result){
    console.log('result: ', result)
      //This is where you would put an error callback
  });
})()