| Subject: | SignatureDoesNotMatch errors when using UserData parameter |
Well this led me on a merry chase so I thought I'd share it with
everyone else.
A couple of days ago we started getting "The request signature we
calculated does not match the signature you provided." every time we
tried to run a new EC2 instance. The problem only manifested itself on
our local server, it worked everywhere else and only occurred when we
specified a userdata parameter. After digging through the code I found
the problem... someone had upgraded HTTP::Request::Common to the latest
version.
As it turns out when signing the HTTP request the encoded value for the
userdata has a trailing newline. This gets included both in the
signature and also in the final POST request. But the latest version of
HTTP::Request::Common converts the newline to a CR LF resulting in the
signature then never matching the post request. You can see the details
about the change in the changelog at:
http://cpansearch.perl.org/src/GAAS/HTTP-Message-6.03/Changes
I have to imagine that this will bite others as they do fresh
installs/upgrades. There's a simple change to VM::EC2 to pass an empty
string to encode_base64() as so:
push @p,('UserData' =>encode_base64($args{-user_data},''))
that would fix the problem.