While trying to follow along the document (AWS IAM Authenticator) for integrating Conjur OSS with AWS IAM and to authenticate to Conjur OSS using RUBY API from an AWS EC2 instance, getting error message as "usr/local/rvm/gems/ruby-2.5.8/gems/rest-client-2.1.0/lib/restclient/abstract_response.rb:249:in `exception_with_response’: 404 Not Found (RestClient::NotFound)"
Ruby Script that I use is pasted below
require 'aws-sigv4’
require 'aws-sdk’
require 'conjur-api’
request = Aws::Sigv4::Signer.new(
** service: ‘sts’,**
** region: ‘us-east-1’,**
** credentials_provider: Aws::InstanceProfileCredentials.new**
).sign_request(
** http_method: ‘GET’,**
** url: ‘https://sts.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15’**
).headers
Conjur.configuration.account = 'myConjurAccount’
#Conjur.configuration.appliance_url = 'https://proxy:8443’
Conjur.configuration.appliance_url = 'https://proxy:8443/authn-iam/prod’
Conjur.configuration.cert_file = '/etc/ssl/certs/conjur-myConjurAccount.pem’
Conjur.configuration.apply_cert_config!
conjur = Conjur::API.new_from_key 'host/aws/9020*****:assumed-role/MyApp’, request.to_json**
puts conjur.token
We’re getting the AWS STS signed request properly, however while trying to authenticate to Conjur OSS AWS IAM endpoint, receiving 404 error message. Before spinning up the CONJUR OSS, update d the environment variable CONJUR_AUTHENTICATORS=authn-iam/prod as per the documentation.
Now, in order to see if the CONJUR_AUTHENTICATORS=authn-iam/prod is actaully updated in Conjur_Server container under /opt/etc/conjur directory, can’t see the conjur.conf file. Not sure where this file exists in Conjur OSS to see if this parameter CONJUR_AUTHENTICATORS=authn-iam/prod is properly updated and Conjur OSS is properly enabled for AWS authentication or not.
If anyone faced this issue before, please advise.
Can see same problem is already discussed in this forum (AWS IAM authenticator throwing error "CONJ00018E Invalid or expired AWS headers" - #3 by vivekrautela) however I don’t see the solution mentioned there.
Cheers,
Naren