cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Duffy <>
Subject AWS EC2 Compatibility Interface
Date Tue, 04 Feb 2014 06:55:17 GMT
Hi Guys,

Question for you about the authentication of users using the EC2 REST
Servlet exposed by the AWSAPI.

>From what I understand, an EC2 REST client will make a request to the
servlet with their Cloudstack API key, a HMAC Signature for the EC2 request
and other parameters such as the action, a timestamp, possible action
parameters etc. Since the Cloudstack API uses different parameters we
cannot reuse the signature, introducing the requirement for the one time
AWS API User Registration.

>From briefly looking at the EC2 Compatibility Interface layer I understand
the flow to be as follows:

1) Get all the parameters for the EC2 API request.
2) Look up the users API Key in the compatibility Interface layer database
get their secret key
3) Verify signature by attempting to re-encode the parameters excluding the
signature using the API Key and the secret key, if passed continue to
process request.

Is this correct or am I missing something?

As a personal preference do you prefer hitting the API call SetUserKeys or
using the script cloudstack-aws-api-register to register users within the


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message