By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

SNS Secret Access Key and Signing Method Issue

0

trying to subscribe to a topic with a mobile number and then send a message to a mobile number created user group and user and given these permissions AdministratorAccess AmazonSNSFullAccess

getting exception com.amazonaws.services.sns.model.AmazonSNSException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (Service: AmazonSNS; Status Code: 403; Error Code: SignatureDoesNotMatch;

what can be a possible solution or how do I debug this in a proper way?

my IAM Identity Center is currently configured in the US East (N. Virginia) Region. can this be an issue (using ap-south-1 region for sns keys)? also how do I delete this and create another for a different region.

please help.

Topics
Security, Identity, & ComplianceApplication IntegrationFront-End Web & MobileBusiness Applications
Tags
AWS Identity and Access ManagementAmazon Simple Notification Service (SNS)AWS IAM Identity CenterAmazon PinpointIAM Policies
Language
English
Rudy
asked 11 days ago123 views
2 Answers
0

code snippet for reference.

send message

{
            subscribe(mobileNumber);
            Map<String, MessageAttributeValue> smsAttributes = new HashMap<>();
            smsAttributes.put("AWS.SNS.SMS.SenderID", new MessageAttributeValue()
                    .withStringValue("mySenderId")
                    .withDataType("String"));
            smsAttributes.put("AWS.SNS.SMS.MaxPrice", new MessageAttributeValue()
                    .withStringValue("0.50")
                    .withDataType("Number"));
            smsAttributes.put("AWS.SNS.SMS.SMSType", new MessageAttributeValue()
                    .withStringValue("Transactional")
                    .withDataType("String"));

            PublishRequest request = new PublishRequest();
            request.setMessage("hi");
            request.setTopicArn(TOPIC_ARN);
            request.setMessageAttributes(smsAttributes);

            PublishResult result = amazonSNSClient.publish(request);
}

subscribe

{
            SubscribeRequest subscribeRequest = new SubscribeRequest(TOPIC_ARN,
                    "sms", mobileNumber);
            amazonSNSClient.subscribe(subscribeRequest);     
}

sns configuration

{
    amazon sns client {

        BasicAWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
        return (AmazonSNSClient) AmazonSNSClientBuilder
                .standard()
                .withRegion("ap-south-1")
                .withCredentials(new AWSStaticCredentialsProvider(credentials))
                .build();
    }
}

dependencies added

		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-starter-aws</artifactId>
			<version>2.2.6.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-starter-aws-messaging</artifactId>
			<version>2.2.6.RELEASE</version>
		</dependency>
Rudy
answered 11 days ago
0

The issue you are facing is likely due to a mismatch in the signing method or the secret access key used for the SNS API calls.

Here are a few things you can try to debug and resolve the issue:

  1. Verify the Region: Ensure that you are using the correct region for your SNS operations. The region used for your SNS credentials should match the region where your SNS topic is created. If you are using the ap-south-1 region for your SNS keys, but your SNS topic is in a different region, this could cause the signature mismatch.

  2. Check the Credentials: Verify that you are using the correct AWS access key and secret access key for your IAM user or role. Double-check that the credentials you are using have the necessary permissions (AdministratorAccess and AmazonSNSFullAccess) to perform the SNS operations.

  3. Verify the Signing Method: Ensure that you are using the correct signing method for your API calls. The default signing method for the AWS SDK is AWS4-HMAC-SHA256. If you are using a different signing method, it could cause the signature mismatch.

  4. Check the SDK/Library Version: If you are using an AWS SDK or a third-party library to interact with SNS, make sure that you are using the latest version. Older versions might have issues with the signing method or handling of the credentials.

  5. Temporary Credentials: If you are using temporary credentials (e.g., AWS Security Token Service (STS) tokens), make sure that they are valid and have not expired.

To delete the existing SNS keys and create new ones in a different region:

  1. Delete the Existing SNS Keys: You can delete the existing SNS keys by logging into the AWS Management Console, navigating to the IAM service, and removing the access key associated with your IAM user or role.

  2. Create New SNS Keys: Once you have deleted the existing keys, you can create new ones in the desired region. You can do this by logging into the AWS Management Console, navigating to the IAM service, and creating a new access key for your IAM user or role.

  3. Update Your Application: After creating the new SNS keys, update your application to use the new credentials and the correct region for your SNS operations.

Remember, it's essential to ensure that the region used for your SNS operations and the region used for your IAM Identity Center configuration match. If they don't match, you may encounter issues with the signature calculation.

AWS
JonQ
answered 10 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content