Question

I've been unable to access a simple AWS IOT REST service yet. 
This is what I did:- 
Downloaded the access key and secret key after creating an iam user in my AWS
Logged in to AWS IoT with the same and created a "thing"
Found the REST URL for the shadow in the thing's property 
provided the access key, secret key, region, and service name(iot) to Postman with new "aws signature" feature
Attempted to "GET" the endpoint and here is what I got:

{
      "message": "Credential should be scoped to correct service. ",
      "traceId": "be056198-d202-455f-ab85-805defd1260d"
}

Thinking that there was something wrong with postman, I tried to use the aws-sdk-sample example for connecting to S3 and changed it to connect to the IOT URL. The following is my code snippet:

String awsAccessKey = "fasfasfasdfsdafs";
String awsSecretKey = "asdfasdfasfasdfasdfasdf/asdfsdafsd/fsdafasdf";

URL  endpointUrl = null;
String regionName = "us-east-1";
try {
    endpointUrl = new URL("https://dasfsdfasdf.iot.us-east-1.amazonaws.com/things/SOMETHING/shadow");
}catch (Exception e){
    e.printStackTrace();
}
Map<String, String> headers = new HashMap<String, String>();
headers.put("x-amz-content-sha256", AWSSignerBase.EMPTY_BODY_SHA256);

AWSSignerForAuthorizationHeader signer = new AWSSignerForAuthorizationHeader(
        endpointUrl, "GET", "iot", regionName);
String authorization = signer.computeSignature(headers,
        null, // no query parameters
        AWSSignerBase.EMPTY_BODY_SHA256,
        awsAccessKey,
        awsSecretKey);

// place the computed signature into a formatted 'Authorization' header
// and call S3
headers.put("Authorization", authorization);
String response = HttpUtils.invokeHttpRequest(endpointUrl, "GET", headers, null);
System.out.println("--------- Response content ---------");
System.out.println(response);
System.out.println("------------------------------------");

Got the same error here:-

--------- Request headers ---------
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Authorization: AWS4-HMAC-SHA256 Credential=fasfasfasdfsdafs/20160212/us-east-1/iot/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=3b2194051a8dde8fe617219c78c2a79b77ec92338028e9e917a74e8307f4e914
x-amz-date: 20160212T182525Z
Host: dasfsdfasdf.iot.us-east-1.amazonaws.com
--------- Response content ---------
{"message":"Credential should be scoped to correct service. ","traceId":"cd3e0d96-82fa-4da5-a4e1-b736af6c5e34"}
------------------------------------

The AWS documentation isn't helping much, so is there anyone who can tell me if I'm doing something wrong? TIA

Answer 1

You should sign your request with iotdata instead of just iot and it'll solve the problem.

Like here:

AWSSignerForAuthorizationHeader signer = new AWSSignerForAuthorizationHeader(
    endpointUrl, "GET", "iotdata", regionName);