Hi Ian, For EC2 REST authentication you do not need to use the script cloudstack-aws-api-register - the script is useful for SOAP only to register the certificate. For REST you just need the keys that you can obtain by logging in to CloudStack UI as a root admin and generate the signature for the API call as you have mentioned.
This will provide some information on how to make the call using Boto and other tools https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=30736866 Prachi -----Original Message----- From: Ian Duffy [mailto:i...@ianduffy.ie] Sent: Monday, February 03, 2014 10:55 PM To: CloudStack Dev Cc: Sebastien Goasguen Subject: AWS EC2 Compatibility Interface Hi Guys, Question for you about the authentication of users using the EC2 REST Servlet exposed by the AWSAPI. From what I understand, an EC2 REST client will make a request to the servlet with their Cloudstack API key, a HMAC Signature for the EC2 request and other parameters such as the action, a timestamp, possible action parameters etc. Since the Cloudstack API uses different parameters we cannot reuse the signature, introducing the requirement for the one time AWS API User Registration. From briefly looking at the EC2 Compatibility Interface layer I understand the flow to be as follows: 1) Get all the parameters for the EC2 API request. 2) Look up the users API Key in the compatibility Interface layer database get their secret key 3) Verify signature by attempting to re-encode the parameters excluding the signature using the API Key and the secret key, if passed continue to process request. Is this correct or am I missing something? As a personal preference do you prefer hitting the API call SetUserKeys or using the script cloudstack-aws-api-register to register users within the database? Thanks, Ian
