Вызовите REST API для Amazon Kinesis с настройкой API Gateway

Я пытаюсь отправить HTTP-запрос на отправку записи в Amazon Kinesis Stream. Есть несколько способов (Kinesis Client, KPL, настройка AWS Gateway в качестве Kinesis Proxy).

Я видел этот документ об API Kinesis PutRecord http://docs.aws.amazon.com/kinesis/latest/APIReference/API_PutRecord.html

POST / HTTP/1.1
Host: kinesis.<region>.<domain>
Content-Length: <PayloadSizeBytes>
User-Agent: <UserAgentString>
Content-Type: application/x-amz-json-1.1
Authorization: <AuthParams>
Connection: Keep-Alive 
X-Amz-Date: <Date>
X-Amz-Target: Kinesis_20131202.PutRecord
{
  "StreamName": "exampleStreamName",
  "Data": "XzxkYXRhPl8x",
  "PartitionKey": "partitionKey"
}

Можно ли отправить вышеуказанный HTTP-запрос POST в PutRecord без необходимости настройки Amazon API Gateway, как описано в этой ссылке: http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html

KPL и Kinesis Client должны каким-то образом внутренне использовать HTTP POST для PutRecord, поэтому должен быть способ сделать это. К сожалению, я не смог найти какие-либо ресурсы в Интернете.

Источник

3 ответа

Решение
import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests
# ************* REQUEST VALUES *************
method = 'POST'
service = 'kinesis'
host = 'kinesis.us-east-1.amazonaws.com'
region = 'us-east-1'
endpoint = 'https://kinesis.us-east-1.amazonaws.com'
content_type = 'application/x-amz-json-1.1'

amz_target = 'Kinesis_20131202.PutRecord'
request_parameters = '{'
request_parameters += '"StreamName": "<StreamName>",'
request_parameters += '"Data": "' + base64.b64encode(<DATA>) + '",'
request_parameters += '"PartitionKey": "<PartitionKey>"'
request_parameters += '}'

# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, date_stamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning

access_key = '<ACCESS KEY>'
secret_key = '<SECRET KEY>'
if access_key is None or secret_key is None:
    print 'No access key is available.'
    sys.exit()
# Create a date for headers and the credential string
t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ')
date_stamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope


canonical_uri = '/'

canonical_querystring = ''

canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-amz-date:' + amz_date + '\n' + 'x-amz-target:' + amz_target + '\n'

signed_headers = 'content-type;host;x-amz-date;x-amz-target'

payload_hash = hashlib.sha256(request_parameters).hexdigest()

canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash

algorithm = 'AWS4-HMAC-SHA256'
credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' +  amz_date + '\n' +  credential_scope + '\n' +  hashlib.sha256(canonical_request).hexdigest()

signing_key = getSignatureKey(secret_key, date_stamp, region, service)

signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()

authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' +  'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
print authorization_header;


headers = {'Content-Type':content_type,
           'X-Amz-Date':amz_date,
           'X-Amz-Target':amz_target,
           'Authorization':authorization_header}
# ************* SEND THE REQUEST *************
print '\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++'
print 'Request URL = ' + endpoint
r = requests.post(endpoint, data=request_parameters, headers=headers)
print '\nRESPONSE++++++++++++++++++++++++++++++++++++'
print 'Response code: %d\n' % r.status_code
print r.text

Просто измените необходимые параметры в коде, помеченном <>, и вы сможете подключиться к конечной точке через HTTP. Это применимо, только если вы не можете использовать aws-sdk или aws-cli по какой-либо причине.

Приведенный выше код написан на python.

для трансформации, проверьте следующую ссылку. https://github.com/danharper/hmac-examples

Источник

Вы должны настроить API-шлюз, чтобы подключить вызов API RESTful к Kinesis. Так как вам нужно настроить роль IAM и политику для API-интерфейсов Kinesis и связать их с прокси-сервером службы AWS для Kinesis.

Ссылка, которую вы разместили, - это то, как вы можете настроить авторизатор, API-шлюз все еще работает за этим.

После настройки шлюза API вы можете обратиться к https://docs.aws.amazon.com/kinesis/latest/APIReference/API_CreateStream.html чтобы управлять потоками / записями kinesis.

Источник 
      import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests
# ************* REQUEST VALUES *************
method = 'POST'
service = 'kinesis'
host = 'kinesis.cn-north-1.amazonaws.com.cn'
region = 'cn-north-1'
endpoint = 'https://kinesis.cn-north-1.amazonaws.com.cn'
content_type = 'application/x-amz-json-1.1'

amz_target = 'Kinesis_20131202.PutRecord'
request_parameters = '{'
request_parameters += '"StreamName": "cummins_kinesis_test",'
request_parameters += '"Data": "euoioeuiuoeieoieio",'
request_parameters += '"PartitionKey": "test"'
request_parameters += '}'

# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, date_stamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning

access_key = 'xxxxxxxxxxxxxxxxxxx'
secret_key = 'xxxxxxxxxxxxxxxxxxx'
if access_key is None or secret_key is None:
    print( 'No access key is available.')
    sys.exit()
# Create a date for headers and the credential string
t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ')
date_stamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope


canonical_uri = '/'

canonical_querystring = ''

canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-amz-date:' + amz_date + '\n' + 'x-amz-target:' + amz_target + '\n'

signed_headers = 'content-type;host;x-amz-date;x-amz-target'

payload_hash = hashlib.sha256(request_parameters.encode('utf-8')).hexdigest()

canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash

algorithm = 'AWS4-HMAC-SHA256'
credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' +  amz_date + '\n' +  credential_scope + '\n' +  hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

signing_key = getSignatureKey(secret_key, date_stamp, region, service)

signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()

authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' +  'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
print(authorization_header);


headers = {'Content-Type':content_type,
           'X-Amz-Date':amz_date,
           'X-Amz-Target':amz_target,
           'Authorization':authorization_header}
# ************* SEND THE REQUEST *************
print( '\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + endpoint)
r = requests.post(endpoint, data=request_parameters, headers=headers)
print( '\nRESPONSE++++++++++++++++++++++++++++++++++++')
print( 'Response code: %d\n' % r.status_code)
print( r.text )
Источник
Другие вопросы по тегам