By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

generate a presigned URL with aws-iot-device-sdk-embedded-C

0

Is is possible somehow to generate a presigned URL with the aws-iot-device-sdk-embedded-C?

I've been looking at the demo http_demo_s3_download which I can run successfully.

I tried to add in http_demo_s3_download.c, just after

    if( returnStatus == true )
    {
        LogInfo( ( "The file is %d bytes long.", ( int32_t ) *pFileSize ) );

The following code:

        char ota_temp_url[2048] = "https://" \
                                  AWS_S3_ENDPOINT \
                                  AWS_S3_URI_PATH \
                                  "?response-content-disposition=inline";
        strcat(ota_temp_url, "&X-Amz-Security-Token=");
        strncat(ota_temp_url, pSecurityToken, securityTokenLen);
        strcat(ota_temp_url, "&X-Amz-Algorithm=");
        strcat(ota_temp_url, SIGV4_AWS4_HMAC_SHA256);
        strcat(ota_temp_url, "&X-Amz-Date=");
        strncat(ota_temp_url, pDateISO8601, SIGV4_ISO_STRING_LEN);
        strcat(ota_temp_url, "&X-Amz-SignedHeaders=host");
        strcat(ota_temp_url, "&X-Amz-Expires=3600");
        strcat(ota_temp_url, "&X-Amz-Credential=");
        {
            char* pchar_start = strstr(pSigv4Auth, " Credential=");
            if (pchar_start) {
                char* pchar_end = strstr(pchar_start, ",");
                if (pchar_end) {
                    strncat(ota_temp_url, pchar_start+12, pchar_end-pchar_start-12);
                }
            }
        }
        strcat(ota_temp_url, "&X-Amz-Signature=");
        strncat(ota_temp_url, signature, signatureLen);
        LogInfo( ( "ota_temp_url=%s", ota_temp_url ) );

This is generating a URL with the correct syntax but I'm failing to understand what's wrong as the answer I get is:

<Error>
<Code>InvalidToken</Code>
<Message>The provided token is malformed or otherwise invalid.</Message>
<Token-0>IQoJb3JpZ2luX2VjEMb//////////wEaDGV1LWNlbnRyYWwtMSJGMEQCIBrv7gABmZniPAwon17t1bJQP7f7QilcTJU3QM0 XKVAiBEs/69RoSRWLOlM3uwtIhQA7kz8rnJmOzREgCzyumHiyrnAwi///////////8BEAAaDDM0NjQ0NDczNTIyNiIM08c2idyZjLoTyrxEKrsDSqeQAZ// oou4ENh2LylLXIVS9tlsB82Jg96 v2a jtM81N fXia5DD9v/IthIJrm8E TDkmkg09L7nwpgyB5ombnXfiv6jNaZTjR W3GR/NGh33nLCh9eywgfovbf2BD8TKgBU6ke74TGuxm3phFzW2K1OgCtP4oDUq94e432SKaZJsiD97jA20MX8IfVwD6xwBX0N25RHilQDipgl/DqeR3hvZqlZmIzIvzNvJ6OStuhMIGX5uKg4Dy4/zwNWfIGGr6AhR6XT9e3qESihLXWapMb0kVVxupVOteqdgbGpl3NbmJdBWVQ1YhKfVhXCXo8fWdHtFomCxJfu15o4YKMWwLPWPADu/TTI2DXdcCYY32cyVy54DjmEQnL5kXI7QOv3c3mS1FE56XlUK8eoR4rwXL9cUXsNrbCTPFOeasxlohZ4e jVASLl RQx3Xh2v1dvPKCGtywBgc0MLXvPiAWxnpnraGrpsksXXY6DsWYbIsnHBuomblCzF5N1T85EBP2VQbsUo1U9ez xL8WVgKZqUaF4kxTwZEBF5FaZelFY9Lle ActCn2C41yRJ0XSSWrdasSI t77YOcww7bbqAY6mwGn6MspGaXNR AWi5qQbcH6Hxee4s L74ZEcGrnK91IcuJ djHfLhLRUJIEUJLruGnkgqdP9DZmcv1TmLrr2vByWkFG867SSF2slWzbtwWIrML/7jxI KTSou5wPHQC3fvjFboQ5f0ub5wUott/bmneKo7Np2QtjmpiKQi7JHazcP2vRxBmzQ6JpLBXWsXuDVzeYLfsIgvPV/mG0A==</Token-0>
<RequestId>EE873P33F22DW1K6</RequestId>
<HostId>cljT52u0sAuOuzSohPGVOW9hxaCMuHd/hOEEkCMj8hTWf9guhbDzwC4J5W49QTQeww3kgrB2e3Yeax5ieI2MCw==</HostId>
</Error>

Can anybody help me?

Topics
Internet of Things (IoT)Storage
Tags
AWS IoT Corepresigned URL
Language
English
profile picture
Giuseppe
asked 7 months ago312 views
2 Answers
1
Accepted Answer

Hi,

Can you compare the URL that you create to the one generated by 'aws s3 presign' with same input parameters?
See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3/presign.html

That should help determine where your problem is. (it's very often in the signature)

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 7 months ago
  • Giuseppe
    7 months ago

    You were actually right Didier, I had an issue with the signature that I could adjust comparing with 'aws s3 presign'. Unfortunately now it complains about the (temporary) AccessKeyId that I get in the same demo, which does allow me to download the file but apparently is not allowed to generate a presigned URL. <Code>InvalidAccessKeyId</Code> <Message>The AWS Access Key Id you provided does not exist in our records.</Message>

1

Hi Giuseppe.

Is is possible somehow to generate a presigned URL with the aws-iot-device-sdk-embedded-C?

This SDK has no specific support for that. It's not something a constrained device that uses this SDK would typically do. A more common workflow is for the cloud to generate the presigned URL and send it to the device over MQTT. The following blog shows this kind of workflow for the case of S3 upload, but a similar workflow for download could be used: https://aws.amazon.com/blogs/iot/securely-ingesting-large-sized-payloads-from-iot-devices-to-the-aws-cloud/

Likewise, AWS IoT Jobs includes support for presigned URLs in job documents: https://docs.aws.amazon.com/iot/latest/developerguide/create-manage-jobs.html#create-manage-jobs-presigned-URLs. This demo uses this functionality: https://github.com/aws/aws-iot-device-sdk-embedded-C/blob/main/demos/ota/ota_demo_core_http/ota_demo_core_http.c

profile pictureAWS
EXPERT
Greg_B
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content