@bbcoimbra
Last active April 10, 2019 17:09
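#!/bin/sh
# Reboot an Amazon RDS DB instance by sending a hand-signed (AWS Signature
# Version 4) RebootDBInstance query request with wget.
#
# Usage: <script> <aws_key_id> <aws_key_secret> <db_instance_identifier>
# Needs: date, openssl, xxd, tr, wget
#
# NOTE(security): the secret access key arrives as a command-line argument, and
# key material is also handed to openssl on its command line (the HMAC key is
# an option there), so both are visible in the process list to other local
# users while the script runs. Run this only on a host you control and prefer
# short-lived, narrowly scoped credentials.
set -eu

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Hex-encode stdin as one unbroken line (xxd -p wraps long output).
to_hex() {
  xxd -p | tr -d '\n'
}

# sha256_hex: print the SHA-256 digest of stdin as lowercase hex.
sha256_hex() {
  openssl dgst -sha256 -binary | to_hex
}

# hmac_sha256_hex <hex key> <message>: print HMAC-SHA256(key, message) as hex.
hmac_sha256_hex() {
  printf '%s' "$2" \
    | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -binary \
    | to_hex
}

### UserVariables
if [ "$#" -lt 3 ]; then
  printf 'Usage: %s <aws_key_id> <aws_key_secret> <db_instance_identifier>\n' \
    "${0##*/}" >&2
  exit 2
fi
aws_key_id="$1"
aws_key_secret="$2"
dbinstance="$3"

if [ -z "$aws_key_id" ] || [ -z "$aws_key_secret" ]; then
  die "access key id and secret must not be empty"
fi

# The identifier is placed verbatim in the signed query string and in the URL.
# Accept only letters, digits and hyphens so it can neither inject extra query
# parameters nor need URI encoding (which SigV4 would require otherwise).
case "$dbinstance" in
  '' | *[!A-Za-z0-9-]*)
    die "invalid DB instance identifier: only letters, digits and '-' allowed"
    ;;
esac

### InternalVariables
aws_host="amazonaws.com"
action="RebootDBInstance"
aws_region="us-east-2"
aws_service="rds"
version="2014-10-31"
endpoint_host="${aws_service}.${aws_region}.${aws_host}"

# Take one timestamp and derive the date from it; two separate `date` calls
# can straddle midnight UTC and yield a scope that disagrees with x-amz-date.
datetime=$(date -u +%Y%m%dT%H%M%SZ)
date=${datetime%%T*}

# SHA-256 of the empty string: the request has no body.
empty_payload_hash="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
sign_algo="AWS4-HMAC-SHA256"
signed_headers="host;x-amz-content-sha256;x-amz-date"
aws_str_fragment="aws4_request"
scope="${date}/${aws_region}/${aws_service}/${aws_str_fragment}"
credential="${aws_key_id}/${scope}"

### Canonical request (empty body request)
request_method="GET"
request_uri="/"
# Parameters are already in the sorted order the canonical form requires.
query_string="Action=${action}&DBInstanceIdentifier=${dbinstance}&Version=${version}"

# Built with real newlines via printf: `echo -ne` is not portable under
# /bin/sh. The empty argument is the blank line that ends the header block;
# command substitution drops the final newline, as the format requires.
canonical_request=$(printf '%s\n' \
  "$request_method" \
  "$request_uri" \
  "$query_string" \
  "host:${endpoint_host}" \
  "x-amz-content-sha256:${empty_payload_hash}" \
  "x-amz-date:${datetime}" \
  "" \
  "$signed_headers" \
  "$empty_payload_hash")
canonical_request_hash=$(printf '%s' "$canonical_request" | sha256_hex)

### String to Sign
str_to_sign=$(printf '%s\n' \
  "$sign_algo" \
  "$datetime" \
  "$scope" \
  "$canonical_request_hash")

### Sign Calculation
#### Deriving key
# Each step keys the next HMAC: secret -> date -> region -> service -> request.
kSecret=$(printf 'AWS4%s' "$aws_key_secret" | to_hex)
kDate=$(hmac_sha256_hex "$kSecret" "$date")
kRegion=$(hmac_sha256_hex "$kDate" "$aws_region")
kService=$(hmac_sha256_hex "$kRegion" "$aws_service")
kSigning=$(hmac_sha256_hex "$kService" "$aws_str_fragment")

#### signature
signature=$(hmac_sha256_hex "$kSigning" "$str_to_sign")

# Without pipefail a failed openssl/xxd stage goes unnoticed; a signature that
# is not 64 hex characters means the derivation broke, so do not send it.
if [ "${#canonical_request_hash}" -ne 64 ] || [ "${#signature}" -ne 64 ]; then
  die "signature computation failed (check that openssl and xxd are installed)"
fi

### Final request
# The URL reuses $query_string so the request sent is exactly the one signed.
wget \
  --header "X-Amz-Content-SHA256: ${empty_payload_hash}" \
  --header "X-Amz-Date: ${datetime}" \
  --header "Authorization: ${sign_algo} Credential=${credential}, SignedHeaders=${signed_headers}, Signature=${signature}" \
  -O - \
  "https://${endpoint_host}${request_uri}?${query_string}"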