Hi Guys, Question for you about the authentication of users using the EC2 REST Servlet exposed by the AWSAPI.
>From what I understand, an EC2 REST client will make a request to the servlet with their Cloudstack API key, a HMAC Signature for the EC2 request and other parameters such as the action, a timestamp, possible action parameters etc. Since the Cloudstack API uses different parameters we cannot reuse the signature, introducing the requirement for the one time AWS API User Registration. >From briefly looking at the EC2 Compatibility Interface layer I understand the flow to be as follows: 1) Get all the parameters for the EC2 API request. 2) Look up the users API Key in the compatibility Interface layer database get their secret key 3) Verify signature by attempting to re-encode the parameters excluding the signature using the API Key and the secret key, if passed continue to process request. Is this correct or am I missing something? As a personal preference do you prefer hitting the API call SetUserKeys or using the script cloudstack-aws-api-register to register users within the database? Thanks, Ian
