When accessing Amazon SQS using Query, SOAP (without using WS-Security), or REST, you must provide the following items so the request can be authenticated: AWSAccessKeyID—Your AWS account is identified by your Access Key ID, which AWS uses to look up your Secret Access Key. Signature—Each request must contain a valid request signature, or the request is rejected. A request signature is calculated using your Secret Access Key, which is a shared secret known only to you and AWS. Date—Each request must contain the time stamp of the request. Depending on the API you're using (Query, SOAP, or REST), you can provide an expiration date and time for the request instead of or in addition to the time stamp. See the authentication topic for the particular API for details of what is required and allowed for that API.
Below is the series of tasks required to authenticate requests to AWS. It is assumed you have already created an AWS account and received an Access Key ID and Secret Access Key. You perform the first three tasks.
AWS performs the next three tasks.
The time stamp (or expiration time) you use in the request must be a dateTime object (http://www./TR/xmlschema-2/#dateTime). Although it is not required, we recommend you provide the time stamp in the Coordinated Universal Time (Greenwich Mean Time) time zone. For example: 2007-01-31T23:59:59.183Z. If you specify a time stamp (instead of an expiration time), the request automatically expires 15 minutes after the time stamp (in other words, AWS does not process a request if the request time stamp is more than 15 minutes earlier than the current time on AWS servers). Make sure your server's time is set correctly. | Important |
---|
If you are using .NET you must not send overly specific time stamps, due to different interpretations of how extra time precision should be dropped. To avoid overly specific time stamps, manually construct dateTime objects with no more than millisecond precision. |
|