IAMのAPI検証用に書いてみた。
#!/usr/bin/env ruby require 'cgi' require 'base64' require 'net/https' require 'openssl' require 'time' class IAMClient API_VERSION = '2010-05-08' HOST = 'iam.amazonaws.com' ALGORITHM = :SHA1 #ALGORITHM = :SHA256 def initialize(accessKeyId, secretAccessKey) @accessKeyId = accessKeyId @secretAccessKey = secretAccessKey end def query(action, params = {}) params = { :Action => action, :Version => API_VERSION, :Timestamp => Time.now.getutc.strftime('%Y-%m-%dT%H:%M:%SZ'), :SignatureVersion => 2, :SignatureMethod => "Hmac#{ALGORITHM}", :AWSAccessKeyId => @accessKeyId, }.merge(params) signature = aws_sign(params) params[:Signature] = signature Net::HTTP.version_1_2 https = Net::HTTP.new(HOST, 443) https.use_ssl = true https.verify_mode = OpenSSL::SSL::VERIFY_NONE https.start do |w| req = Net::HTTP::Post.new('/', 'Host' => HOST, 'Content-Type' => 'application/x-www-form-urlencoded' ) req.set_form_data(params) res = w.request(req) res.body end end private def aws_sign(params) params = params.sort_by {|a, b| a.to_s }.map {|k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&') string_to_sign = "POST\n#{HOST}\n/\n#{params}" digest = OpenSSL::HMAC.digest(OpenSSL::Digest.const_get(ALGORITHM).new, @secretAccessKey, string_to_sign) Base64.encode64(digest).gsub("\n", '') end end AWSAccessKeyId = '<YourAWSAccessKeyId>' AWSSecretAccessKey = '<YourAWSSecretAccessKey>' iamcli = IAMClient.new(AWSAccessKeyId, AWSSecretAccessKey) puts iamcli.query('ListUsers')
出力はこんな感じ。
XXX
/XXX
XXX
arn:aws:iam::XXX:XXX
2010-12-02T06:07:48Z
false
XXX-XXX-XXX-XXX-XXX