IAMClient

IAMのAPI検証用に書いてみた。

#!/usr/bin/env ruby
require 'cgi'
require 'base64'
require 'net/https'
require 'openssl'
require 'time'

class IAMClient
  API_VERSION = '2010-05-08'
  HOST = 'iam.amazonaws.com'
  ALGORITHM = :SHA1
  #ALGORITHM = :SHA256

  def initialize(accessKeyId, secretAccessKey)
    @accessKeyId = accessKeyId
    @secretAccessKey = secretAccessKey
  end

  def query(action, params = {})
    params = {
      :Action           => action,
      :Version          => API_VERSION,
      :Timestamp        => Time.now.getutc.strftime('%Y-%m-%dT%H:%M:%SZ'),
      :SignatureVersion => 2,
      :SignatureMethod  => "Hmac#{ALGORITHM}",
      :AWSAccessKeyId   => @accessKeyId,
    }.merge(params)

    signature = aws_sign(params)
    params[:Signature] = signature

    Net::HTTP.version_1_2
    https = Net::HTTP.new(HOST, 443)
    https.use_ssl = true
    https.verify_mode = OpenSSL::SSL::VERIFY_NONE

    https.start do |w|
      req = Net::HTTP::Post.new('/',
        'Host' => HOST,
        'Content-Type' => 'application/x-www-form-urlencoded'
      )

      req.set_form_data(params)
      res = w.request(req)

      res.body
    end
  end

  private
  def aws_sign(params)
    params = params.sort_by {|a, b| a.to_s }.map {|k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')
    string_to_sign = "POST\n#{HOST}\n/\n#{params}"
    digest = OpenSSL::HMAC.digest(OpenSSL::Digest.const_get(ALGORITHM).new, @secretAccessKey, string_to_sign)
    Base64.encode64(digest).gsub("\n", '')
  end
end

AWSAccessKeyId = '<YourAWSAccessKeyId>'
AWSSecretAccessKey = '<YourAWSSecretAccessKey>'

iamcli = IAMClient.new(AWSAccessKeyId, AWSSecretAccessKey)
puts iamcli.query('ListUsers')


出力はこんな感じ。






XXX
/XXX
XXX
arn:aws:iam::XXX:XXX
2010-12-02T06:07:48Z


false


XXX-XXX-XXX-XXX-XXX