- Newest
- Most votes
- Most comments
Hello,
When you make API requests to AWS, you have to sign the requests so that AWS can identify who sent them. You will have to sign the requests with your AWS access key (consists of the Access Key ID and Secret Access Key).
Signature Version 4 (SigV4) is the process to add authentication information to AWS API requests sent by HTTP(s). Please refer this document for more information on SigV4.
Please refer Signing AWS requests with Signature Version 4 documentation to understand how to sign your AWS requests with SigV4.
Once the signing process is complete, you'll need to pass your signature in the Authorization header when making the POST /clusters
request.
Please take a look at this sample python code provided in the AWS documentation that explains how to make a POST request to the DynamoDB API using the above mentioned sigV4 signing.
It is recommended to use AWS SDKs for performing API requests to AWS services as they handle the signature calculation process for you, so you do not have to manually complete the signing process.
I understand that achieving the above steps through Ansible code is a challenging task. Therefore, I have suggested an alternate approach below.
Alternate approach:
The eksctl (official CLI for Amazon EKS) can be leveraged in your use-case to perform the cluster creation without the need for the REST API approach.
You can create a jinja2 template for the eksctl cluster configuration file and run eksctl create cluster -f cluster.yaml
command using the Ansible command module to create your cluster.
I hope this helps!
Relevant content
- asked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
Terraform also has an extensive support for EKS.
Hi @Venkat Penmetsa, Thanks for responding back,i would like to know if we can send a request to aws api services like below to GET/POST request in the below format (curl,
GET /resource HTTP/1.1 Host: server.example.com Authorization: Bearer mF_9.B5f-4.1JqM
Example GET: curl -H "$(oauth2l header --json /data/xxxx.json cloud-platform userinfo.email)" -H "Content-Type: application/json" "https://compute.googleapis.com/compute/v1/projects/xxxx/regions/us-central1/routers"
Could you provide a curl request to aws services (for example to get the list of clusters), is AWS API requests unfortunately not straight forward to implement in curl? and mandatory to use the AWS SDKs for performing API requests to AWS services and use SigV4?
Although it is possible to make requests to AWS services without using SDKs, it is difficult to achieve AWS SigV4 authentication with shell commands alone.
You can write a custom ansible module that can perform the request signing process. Check out this code (https://github.com/ansible-collections/amazon.aws/blob/main/plugins/module_utils/urls.py) to understand how ansible aws modules perform the SigV4 signing to make API requests to AWS.