使用没有凭证的 AWS 开发工具包来确认 SNS 订阅 --> 没有配置 RegionEndpoint 或 ServiceURL

Question

我没有 AWS 账户。我确实有一个 HTTP POST webhook，它应该接收到 SNS 主题的 HTTPS 端点。尝试确认订阅时，日志中有以下错误消息：

未配置 RegionEndpoint 或 ServiceURL

我使用适用于 .NET 的官方 AWS 开发工具包调用 ConfirmSubscriptionAsync 方法。我使用 SDK 的目的是它本身应该处理签名验证，正如 AWS 文档中所建议的那样。但是，如果我不为自己提供 AWS 账户，则无法做到这一点。这是预期的吗？

这是处理传入请求的代码

    public class Func
    {
        [FunctionName(nameof(Func))]
        public async Task Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "/receive/sns")] HttpRequest req, ILogger log)
        {
            if (req.Headers.TryGetValue("x-amz-sns-message-type" , out var msgType))
            {
                if (msgType == "SubscriptionConfirmation")
                {
                    var snsClient = new AmazonSimpleNotificationServiceClient();
                    var subscriptionRequest = await JsonSerializer.DeserializeAsync<ConfirmSubscriptionRequest>(req.Body);
                    var subscriptionResponse = await snsClient.ConfirmSubscriptionAsync(subscriptionRequest);
                    log.LogTrace(Newtonsoft.Json.JsonConvert.SerializeObject(subscriptionResponse));
                }
                else if (msgType == "Notification")
                {
                    var notification = await JsonSerializer.DeserializeAsync<AwsSnsNotification>(req.Body);
                    log.LogTrace(JsonSerializer.Serialize(notification));
                }
                else
                {
                    throw new ArgumentOutOfRangeException("`x-amz-sns-message-type header`", msgType, "Allowed as per AWS doc: `SubscriptionConfirmation`, `Notification`");
                }
            }
            else
            {
                throw new ArgumentNullException("x-amz-sns-message-type header not set");
            }
        }
    }

Answer 1

无需创建客户端实例即可解决。消息模型公开了一个静态ParseMessage 方法。然后在 Message 的实例上，我可以调用 IsMessageSignatureValid 方法。随后我只是 HTTP GET 订阅确认 url 并完成。在这里发帖，希望这对其他人也有帮助。

    public class Func
    {
        [FunctionName(nameof(Func))]
        public async Task Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "receive/sns")] HttpRequest req, ILogger log)
        {
            if (req.Headers.TryGetValue("x-amz-sns-message-type" , out var msgType))
            {
                var reqBody = await new StreamReader(req.Body, Encoding.UTF8).ReadToEndAsync();
                var msg = Message.ParseMessage(reqBody);
                if (!msg.IsMessageSignatureValid())
                {
                    throw new UnauthorizedAccessException("Message signature invalid");
                }
                else
                {
                    if (msgType == "SubscriptionConfirmation")
                    {
                        await Http.GetAsync(msg.SubscribeURL);
                    }
                    else if (msgType == "Notification")
                    {
                        log.LogTrace(msg.MessageText);
                    }
                    else
                    {
                        throw new ArgumentOutOfRangeException("`x-amz-sns-message-type header`", msgType, "Allowed as per AWS doc: `SubscriptionConfirmation`, `Notification`");
                    }
                }
            }
            else
            {
                throw new ArgumentNullException("x-amz-sns-message-type header not set");
            }
        }
    }