Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Paws questions

by Krambambuli (Curate)
on May 01, 2017 at 18:53 UTC ( [id://1189280]=perlquestion: print w/replies, xml ) Need Help??

Krambambuli has asked for the wisdom of the Perl Monks concerning the following question:

Dear PerlMonks,

hoping that someone out there might know the answers and would be kind enough to respond, here my two questions. Trying to get acquainted with Amazon services and Paws, I've set up my ~/.aws/credentials to be

[profile instrument]
source_profile = default
role_arn = arn:aws:iam::MY_IAM_CODE:role/MY_ROLE
region = us-east-1

[default]
region = us-east-1
aws_secret_access_key = "MY_SECRET_ACCESS_KEY"
aws_access_key_id = "MY_ACCESS_KEY_ID"

[download]
The simple code I'm playing with is like 
#!/usr/bin/perl

use strict;
use warnings;

use Data::Dumper;
use Paws;
use Paws::Net::LWPCaller;
use Paws::Credential::AssumeRole;

my $lwp_caller = new Paws::Net::LWPCaller( debug => 1 );
my $cloudwatch = Paws->service('CloudWatch', 
                                caller => $lwp_caller, 
                                credentials => Paws::Credential::Assum
+eRole->new(
                                    RoleArn => 'arn:aws:iam::MY_IAM_CO
+DE:role/MY_ROLE',
                                    RoleSessionName => 'just_kidding',
                                    caller => $lwp_caller, 
                                ),
                                region => 'us-east-1', 
                                profile_name => 'instrument',
                              );


#print Dumper( $cloudwatch );
#exit;

my $res = $cloudwatch->ListAllMetrics( 
      Dimensions => [],
      MetricName => 'MY_METRIC', 
      Namespace  => 'MY_NAMESPACE', 
      #NextToken  => '',
);

print Dumper( $res );
exit;

[download]
And here the two things I'm unhappy with.

1. If I launch the above cod as

$ AWS_ACCESS_KEY="MY_ACCESS_KEY_ID" AWS_SECRET_KEY="MY_SECRET_ACCESS_KEY" ./test_paws.pl

it works. But if I launch it as

./test_paws.pl

it doesn't, and I get an error message that says 
The security token included in the request is invalid
I cannot spot the error in the credentials file, and it seems to me that it is OK, but is simply ignored, although it _should_ be considered. So, is there anything I need to do to get the default credentials properly working...?

2. The documentation says that the default 'caller' is HTTP::Tiny. LWP can be used instead if wanted, and the above code uses it OK. I'm unsure about the second caller spec; if I omit it, i.e have 
my $cloudwatch = Paws->service('CloudWatch', 
                                caller => $lwp_caller, 
                                credentials => Paws::Credential::Assum
+eRole->new(
                                    RoleArn => 'arn:aws:iam::MY_IAM_CO
+DE:role/MY_ROLE',
                                    RoleSessionName => 'just_kidding',
                                    #caller => $lwp_caller, 
                                ),
                                region => 'us-east-1', 
                                profile_name => 'instrument',
                              );

[download]
then the call to AssumeRole is done with HTTP:Tiny, whereas the call for ListAllMetrics is done as expected via LWP. Is that expected behavior? Shouldn't the caller used for getting the credentials be the same as the one for ListAllMetrics, even without 'saying it again'?

Many thanks in advance.

Replies are listed 'Best First'.
Re: Paws questions
by Corion (Patriarch) on May 01, 2017 at 19:23 UTC

    Are you certain that Paws merges the two profiles? The keys surely suggest that, but I can't even find source_profile in the distribution (or at least, the grep on CPAN.org doesn't).

    Maybe try with explicitly stated settings instead of inheriting settings?

[reply]
[d/l]
      Thanks for the answer - but I guess that would be the answer for a 3. question :)

      The error I get seems to say that I'm not authenticating properly - I get the same error if using an altered MY_ACCESS_KEY_ID.
      I used the ROLE_ARN as param in the call in order to avoid the possible non-inheriting in the credentials file,
      but in a final code version, I'd like to have that too only in the credentials file.
[reply]
[reply]
Re: Paws questions
by Krambambuli (Curate) on May 06, 2017 at 08:27 UTC
    First issue solved. If only the effort to solve it would have been as trivial as the issue!   :-/

    In the config file, the keys aren't allowed to be surrounded by quotes. So,

    aws_secret_access_key = "MY_SECRET_ACCESS_KEY"

    is *BAD* (the quotes are considered as being part of the key), while

    aws_secret_access_key = MY_SECRET_ACCESS_KEY

    is OK.

    The config file is read via Config::INI::Reader - a subclassable .ini-file parser, so maybe it's a no-brainer for the .ini world to avoid quotes.
    But for Perl programmers... Sigh.

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1189280]
Approved by 1nickt
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (3)
As of 2024-04-20 03:36 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found