boto3 rds generate_presigned_url not working properly
a presigned url is required when copy an encrypted RDS snapshot cross regions.
The parameters could be found here:
http://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CopyDBSnapshot.html
The DestinationRegion is not supported in "copy_db_snapshot" client method for generate_presigned_url.
The generated URL also doesn't work for copy_db_snapshot method. We got a 400 status.
The code I use is something like:
rds = boto3.client('rds', target_region)
url=rds.generate_presigned_url('copy_db_snapshot',Params={ 'TargetDBSnapshotIdentifier' : 'test', 'KmsKeyId': 'my key', 'SourceDBSnapshotIdentifier': 'test'})
response = rds.copy_db_snapshot(
SourceDBSnapshotIdentifier='test',
TargetDBSnapshotIdentifier='test',
KmsKeyId='my key',
PreSignedUrl=url)
We got 400 error even not specifying the presignedurl.
Trace:
File "/home/ec2-user/judi-prod-dirt/test/local/lib/python3.4/dist-packages/botocore/client.py", line 253, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/home/ec2-user/judi-prod-dirt/test/local/lib/python3.4/dist-packages/botocore/client.py", line 544, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling the CopyDBSnapshot operation: PreSignedUrl could not be authenticated.
The aws CLI works on the same machine.
hongchaowang
All 8 comments
Ran into the same issue, can you try this:
response = rds.copy_db_snapshot(
SourceDBSnapshotIdentifier=test,
TargetDBSnapshotIdentifier=test,
KmsKeyId='my key',
SourceRegion=SOURCE_REGION)
orenmaor
on 23 Jan 2017
I tried both with "Source Region" and without "Source Region", but still no luck.
got same error message: PreSignedUrl could not be authenticated
hongchaowang
on 23 Jan 2017
@hongchaowang did you try exactly what @orenmaor mentioned? That should work as it is similar to what I suggested in this issue: https://github.com/boto/boto3/issues/951 where you do not need to provide a presigned url for that method since the value gets auto-populated. If you provide PreSignedUrl at all, boto3 will ignore the SourceRegion parameter and use the unmodified PresignedUrl that you provided.
kyleknap
on 24 Jan 2017
@kyleknap I removed presignedURLand added SourceRegion, but I still got the same 400 error code.
Then I figured that the stacktrace is complaining about my Tags. The method works fine if I remove my Tags.
I don't think my Tags is wrong though since it worked fine before I encrypted my db snapshots.
Tags=[{'Key': 'xxx', 'Value': 'yyy'}, {'Key': 'aaa', 'Value': 'bbb'}, {'Key': 'qqq', 'Value': 'www'}])
Any idea?
hongchaowang
on 24 Jan 2017
Just for my sanity - is this method in the documentation anywhere? I've been fighting with boto's copy_db_snapshot for about a week only to discover that the PreSignedUrl isn't even necessary.
consolewitch
on 17 Feb 2017
You are correct , the presigned URL isnt necessary. SourceURL does the trick
ishug86
on 23 Mar 2017
@hongchaowang Could you provide some debug logs that demonstrate the issue? It's odd that it would be working on the cli since both that and boto3 share the same common core to do all the heavy lifting.
JordonPhillips
on 21 Jul 2017
Closing due to inactivity. Please reopen the issue if you are able to provide debug logs.
kyleknap
on 28 Aug 2017
Related issues
leima965
路
3Comments
raolivei
路
3Comments
luistm
路
3Comments
teran-mckinney
路
3Comments
darkmeadow
路
3Comments
Most helpful comment
Ran into the same issue, can you try this: