cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Pullox
Frequent Visitor

AWS Signature using HTTP Action

Trying to use Amazon SP-API to get some data from Amazon Seller Central into Power Automate but I'm stuck on the step where you need to generate temporary credentials using AWS STS I manage to do it in Postman following this guide but cannot seem to create the authorization in Power Automate using the HTTP Action. I've found only the suggestions in this post but seems too complicated to create python web app in azure and then invoke but will do it if no other solution is possible. https://powerusers.microsoft.com/t5/Building-Flows/Connect-to-Amazon-S3/td-p/156106

 

 

Here is how the authorization looks in Postman:

Pullox_0-1647710139916.png

 

I cannot figure out how to recreate this AWS authorization in the HTTP action and adding the access key, secret and session token manually defeats the purpose of automating it.

 

Pullox_1-1647710288465.png

 

Thanks in advance for all your help, suggestions and/or criticism. Any hints will be highly appreciated.

 

Sincerley,

Pullox

 

11 REPLIES 11
Pullox
Frequent Visitor

Wanted to share an update on my progress with this.

I found an encodian connector called "Create HMAC" reference here. Which I believe might help solve the issue with signature, from the AWS documentation here it seems that I need to do 4 HMAC calculations but I cannot figure out which part keep getting wrong.

 

Here is a part of my flow if it helps:

Pullox_0-1648205102964.png

 

I keep getting this error from the STS HTTP request which I understand as I'm doing some wrong regarding the signature.

 

<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <Error>
    <Type>Sender</Type>
    <Code>SignatureDoesNotMatch</Code>
    <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
  </Error>
  <RequestId>0c3cd747-ffa2-4beb-b909-38fae55c846d</RequestId>
</ErrorResponse>

 

Pullox
Frequent Visitor

Hello,

 

I'm still super stuck with this issue so sharing my progress hoping that someone can help out. 🙂

 

Here is summary of the signing steps and my recreation of it in Power Automate:

 

To create a signed request, complete the following:

Pullox_0-1648571838718.png

 

Pullox_1-1648571904397.png

 

  • Task 3: Calculate the signature for AWS Signature Version 4

    Derive a signing key by performing a succession of keyed hash operations (HMAC operations) on the request date, Region, and service, with your AWS secret access key as the key for the initial hashing operation. After you derive the signing key, you then calculate the signature by performing a keyed hash operation on the string to sign. Use the derived signing key as the hash key for this operation.

Pullox_2-1648571980666.png
Pullox_3-1648572012886.png
Pullox_4-1648572037919.png
Pullox_5-1648572064558.png

Pullox_6-1648572103169.png

 

Pullox_8-1648572197982.png

 

Only thing that comes to my mind is the fact that I cannot seem to output the hashes from Task 3 in binary as Power Automate doesn't show binary even if you use the expression base64ToBinary it shows a json representation of a binary output..

 

 

 

{
 "$contenct-type": "application/octet=stream",
 "$conctent": "ASDdsaASDQWesdsdgHdfgfDsdffdsfDS524DF"
}

 

 

 

Apologies for the long post and thanks for your help in advance!

 

Sicnerely,

 

Pullox

TheCalebG
Frequent Visitor

Bummer that no one has jumped in here on this yet. Amazon's API documentation is cryptic! I really appreciate your snapshots. I was having a hard time figuring out the passing of a signature to the requests in Postman. 

 

I want to automate inventory management from our internal ERP database and expand on reporting with PowerBI. 

Did you get any further on this @Pullox ??

Pullox
Frequent Visitor

@TheCalebG , we did get further but ended up using Amazon Web Services (AWS) SDK for Python to call the Amazon Simple Queue Service (Amazon SQS) aka Boto3, this function was added to azure cloud which then completes the following steps:

  1. Creates a canonical request
  2. Creates String to sign
  3. Calculates the signature
  4. Adds the signature to the HTTP request
  5. Sends the HTTP request

Hope this helps, we are currently in the process of implementing this to a Power Automate flow, I'll gladly share the results once it is completed.

 

 

 

ctpmthh
Helper I
Helper I

@Pullox , Thanks you share your development !

You replaced this flow ( where you creating request, calculates signature... ) with function in Azure ?

Thanks !

@Pullox Would you be able to share more direction on how you got this sorted out. 

Any help would be appreciated.

 

Eder_Car_Lima1
Regular Visitor

@Pullox Could you share how the final solution turned out? I'm having the same difficulty generating this signature.

annie23
Helper I
Helper I

AWS Signature using HTTP Action makes it easy to sign actions taken by an AWS instance or subscription. It provides a secure way to sign and manage Amazon Web Services actions.

Hello @annie23

 

Thanks for jumping into the topic, can you please specify how you deal with the authentication as it was a challenge for me. Thanks in advance!

Eder_Car_Lima1
Regular Visitor

Could you send an example of how this authentication was performed?

To use the AWS Signature Version 4 authentication process with HTTP actions, you will need to do the following:
Create a canonical request:
Begin by creating a canonical request for the desired HTTP action. The canonical request should include the HTTP method, URI, query string parameters, headers, and the payload if the action includes a payload.
Create a string to sign:
Next, create a string to sign by concatenating various information, including the algorithm used, the requested date, the credential scope, and the hashed canonical request.
Calculate the signature:
Use the string to sign and your AWS secret key to calculate the signature for the request.
Add the signature to the request:
Finally, add the calculated signature, access key, and other required information to the request headers.
This process can be complex, so it is often helpful to use a library or pre-built tool to handle the authentication process for you.

Helpful resources

Announcements
Power Automate News & Announcements

Power Automate News & Announcements

Keep up to date with current events and community announcements in the Power Automate community.

Community Calls Conversations

Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Automate Community Blog

Power Automate Community Blog

Check out the latest Community Blog from the community!

Users online (5,033)