0

I am making use of the .Net AwsSignatureVersion4 package to facilitate the signing of the AWS request.

Part of the process is to first assume an IAM role, and use the credentials received from the AWS.SDK STS service (AccessKeyId, SecretAccessKey and SessionToken) as parameters to the overloaded HttpClient.PostAsync method. I am however unable to get a successful response, all the requests responds with Forbidden.

The steps I follow to perform the request are as follows:

  1. Assume Role via AWS.SDK
  2. Use the credentials retrieved from step 1 as input parameters to HttpClient.PostAsync.

In addition to the credentials parameter, an endpoint, a null instance of HttpContent (because there is no post body), aws region and -service name are provided:

HttpClient.PostAsync("api gateway endpoint", null, "aws region", "execute-api", credentials)

Performing these steps and executing the Post responds with a Forbidden status.

Any guidance on where I might be going wrong please?

Rudolf Lamprecht
  • 1,050
  • 1
  • 14
  • 37
  • 1
    Are the credentials *actually* valid for that endpoint? Have you performed an `sts` `get-caller-identity` call with those credentials to confirm the credentials are valid and for the role you expect? – luk2302 Dec 13 '22 at 11:50
  • Yes I can confirm that the credentials are valid. Performing the request via Postman (after obtaining the temp credentials) does respond with a success. – Rudolf Lamprecht Dec 13 '22 at 12:30

0 Answers0