amazon-web-servicesrestamazon-iamaws-iam-policyaws-rest-api

AWS IAM api request failed with error "The request signature we calculated does not match the signature you provided"


I am using CreatePolicy API to create a policy with specific permissions. Initially passed json code as a value to query string parameter "PolicyDocument" but the request failed with code 400 Bad request. While testing through postman found that we have to urlencode given policy document. This solution worked fine on postman but not on my HTTP Client. Error - "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details". Code is working fine for all other APIs even for IAM Get request, but failing when policy doc is being sent as a query string or as a body. Possibly there is something wrong while calculating the signature for IAM api with url encoded policy doc. Ref - https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html

  1. Tried passing policy doc as a request body and header - "Content-Type:application/x-www-form-urlencoded". (body is JSON converted to string)
  2. Tried passing policy doc as a query parameter which is url-encoded Note - Both these methods worked fine when testing them through postman

Solution

  • I solved that error -

    1. Transfer all your IAM API calls to 'us-east-1' region. Not sure why it is in that way but no other region works for IAM api calls except us-east-1.
    2. If you providing request body then best way is to URL encode that body and pass request header - "Content-Type: application/x-www-form-urlencoded"