0

After a series of longs hours working with AWS transcription, I now have a new error using Postman:

<AccessDeniedException>
  <Message>Unable to determine service/operation name to be authorized</Message>
</AccessDeniedException>

However, I don't know what the issue is. I tried to Google it but the error seems to happen also in AWS Lambda. But I'm working with AWS Transcription. Can anyone check what seems to be the problem?

My sample sample GET request is:

https://transcribestreaming.us-east-1.amazonaws.com/medical-stream-transcription-websocket?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MYACCESSKEYID%2F20200404%2Fus-east-1%2Ftranscribe%2Faws4_request&X-Amz-Date=20200404T171802Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&language-code=en-US&media-encoding=pcm&sample-rate=16000&specialty=PRIMARYCARE&type=DICTATION&X-Amz-Signature=5f5f0a5d336e524b335245b6e83945d3057ec3905a9ae2d2ca709b77cce5478f

I intentionally replace the X-Amz-Credential with MYACCESSKEYID for security purpose.

user3856437
  • 2,071
  • 4
  • 22
  • 27

2 Answers2

1

It seems you are trying to connect to Amazon Transcribe Medical’s websocket endpoint. Upon reviewing your GET request, it appears you are missing port number 8443, due to which your request is not being routed to websocket endpoint.

https://docs.aws.amazon.com/transcribe/latest/dg/websocket-med.html#websocket-streaming-request-med describes an example of creating a bi-directional request to transcribe medical’s streaming endpoint.

Ashish Singh
  • 11
  • 1
  • I tried adding port :8443 but to still no avail. Handshaking something was the error and so I removed that. Checking what is 403 Forbidden error, that's authentication or no authority error so I tried making the user to admin, etc... but still same error above. – user3856437 Apr 07 '20 at 03:07
  • Did you add a policy for web socket requests to your IAM role before using transcribe. https://docs.aws.amazon.com/transcribe/latest/dg/websocket-med.html#websocket-streaming-request-med has an example of the policy you need to setup before making web socket calls. – Ashish Singh Apr 07 '20 at 17:07
  • This one? { "Version": "2012-10-17", "Statement": [ { "Sid": "transcribemedicalstreaming", "Effect": "Allow", "Action": "transcribe:StartMedicalStreamTranscription", "Resource": "*" } ] } Yes I did. – user3856437 Apr 07 '20 at 17:53
  • Can you share your code where you are making this call. – Ashish Singh Apr 08 '20 at 21:17
  • Okay here's my complete class.. I hope you'll be able to help me. https://dotnetfiddle.net/SFRAil – user3856437 Apr 09 '20 at 09:07
1

There maybe two errors:

1) "https://" request connects to default port of 443. This cause error of "Unable to determine service/operation name to be authorized". Please explicitly use port :8443.

2) Your client does not handle websocket upgrade correctly. In the first request to open connection, your client need initiate websocket upgrade by including several headers, as specified in "Including WebSocket Request Headers" section of https://docs.aws.amazon.com/transcribe/latest/dg/websocket-med.html#websocket-response-med

Example in curl: 

curl --include --no-buffer \
--header "Connection: Upgrade" \
--header "Upgrade: websocket" \
--header "Host: transcribestreaming.us-east-1.amazonaws.com:8443" \
--header "Origin: http://localhost:3000" \
--header "Sec-WebSocket-Key: tEfHvBSx8jqQyZgCNrhI3w" \
--header "Sec-WebSocket-Version: 13" \
"https://transcribestreaming.us-east-1.amazonaws.com:8443/medical-stream-transcription-websocket?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MYCREDENTIAL&X-Amz-Date=20200406T211542Z&X-Amz-Expires=60&X-Amz-Signature=MYSIGNATURE&X-Amz-SignedHeaders=host&language-code=en-US&media-encoding=pcm&sample-rate=16000&specialty=PRIMARYCARE&type=DICTATION"

On a successful request, client receive "101 Switching Protocols". The connection is established, and then you can continue send audio frames as documented in https://docs.aws.amazon.com/transcribe/latest/dg/websocket-med.html#websocket-streaming-request-med

Ruoyu Huang
  • 111
  • 4
  • Mmm.. it results to >HTTP Error 400. The request hostname is invalid. Just a question, have you already checked my code here? https://dotnetfiddle.net/SFRAil I just want to make sure that my codes are correct. – user3856437 Apr 13 '20 at 14:36
  • This is what I'm seeing now. curl: (6) Couldn't resolve host 'Upgrade' – user3856437 Apr 13 '20 at 14:56
  • Could you try double quote headers and url before running it on command line, cause spaces are treated as argument separator in shell. I've updated curl command accordingly. – Ruoyu Huang Apr 14 '20 at 00:37
  • Your code sample dotnetfiddle.net/SFRAil include logic to generate presigned url, which looks correct. If there is a problem with presigned url, you would get authentication error. But the error you reported here is all related to networking. The request haven't reach authentication layer yet. To quickly verify the presigned URL, you can use your code to generate a presigned url, and replace it with the last line of my curl command. Server would respond with 101. – Ruoyu Huang Apr 14 '20 at 00:41
  • I couldn't see 101 server response but "Streaming completed successfully." Is that the response message I should be expecting? Sorry, I am really new to this. – user3856437 Apr 14 '20 at 01:42
  • By the way I have updated the code I shared with you in https://dotnetfiddle.net/SFRAil . It now includes the :8443 port. – user3856437 Apr 14 '20 at 01:43
  • Oh.. I can now see HTTP/1.1 101 Switching Protocols. Thank you very much!!!! – user3856437 Apr 14 '20 at 01:45