aws pinpoint update-apns-sandbox-channel command results in: missing credentials

Question

aws --version aws-cli/1.16.76 Python/2.7.10 Darwin/16.7.0 botocore/1.12.66

I'm trying to programmatically add an APNS_SANDBOX channel to a pinpoint app. I'm able to do this successfully via the pinpoint console, but not with aws cli or a lambda function which is the end goal. Changes to our Test/Prod environments can only be made via the CodePipeline, but for testing purposes I'm trying to achieve this with the aws cli.

I've tried both aws cli (using the root credentials) and a lambda function -- both result in the following error:

An error occurred (BadRequestException) when calling the UpdateApnsSandboxChannel operation: Missing credentials

I have tried setting the Certificate field in the UpdateApnsSandboxChannel json object as the path to the .p12 certificate file as well as using a string value retrieved from the openssl tool.

Today I worked with someone from aws support, and they were not able to figure out the issue after trying to debug for a couple of hours. They said they would send an email to the pinpoint team, but they did not have an ETA on when they might respond.

Thanks

Answer 1

I ended up getting this to work successfully -- This is why it was failing:

I was originally making the cli call with the following request object as this is what is including in the documentation:

aws pinpoint update-apns-sandbox-channel --application-id [physicalID]  --cli-input-json file:///path-to-requestObject.json

{
    "APNSSandboxChannelRequest": {
        "BundleId": "com.bundleId.value", 
        "Certificate":"P12_FILE_PATH_OR_CERT_AS_STRING", 
        "DefaultAuthenticationMethod": "CERTIFICATE", 
        "Enabled": true, 
        "PrivateKey":"PRIVATEKEY_FILE_PATH_OR_AS_STRING",
        "TeamId": "",
        "TokenKey": "",
        "TokenKeyId": ""
    }, 
    "ApplicationId": "Pinpoint_PhysicalId"
}

After playing around with it some more I got it to work by removing BundleId, TeamId, TokenKey, and TokenKeyId. I believe these fields are needed when using a p8 certificate.

{
    "APNSSandboxChannelRequest": {
        "Certificate":"P12_FILE_PATH_OR_CERT_AS_STRING", 
        "DefaultAuthenticationMethod": "CERTIFICATE", 
        "Enabled": true, 
        "PrivateKey":"PRIVATEKEY_FILE_PATH_OR_AS_STRING"      
    }, 
    "ApplicationId": "Pinpoint_PhysicalId"
}