My use case
Copy an encrypted EBS snapshot to a different region.
Language
Golang
AWS Documentation
When you copy an encrypted source snapshot using the Amazon EC2 Query API, you must supply a pre-signed URL. This parameter is optional for unencrypted snapshots. For more information, see Query Requests (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html).
The PresignedUrl should use the snapshot source endpoint, the CopySnapshot action, and include the SourceRegion, SourceSnapshotId, and DestinationRegion parameters. The PresignedUrl must be signed using AWS Signature Version 4. Because EBS snapshots are stored in Amazon S3, the signing algorithm for this parameter uses the same logic that is described in Authenticating Requests by Using Query Parameters (AWS Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) in the Amazon Simple Storage Service API Reference. An invalid or improperly signed PresignedUrl will cause the copy operation to fail asynchronously, and the snapshot will move to an error state.
PresignedUrl *string `locationName:"presignedUrl" type:"string"
My code
copyInput := ec2.CopySnapshotInput{
Description: aws.String("Copy snapshot across regions"),
SourceRegion: aws.String(sourceRegion),
SourceSnapshotId: aws.String(snapshotId),
DestinationRegion: aws.String(destinationRegion),
}
ec2client, err := getAwsEC2Client(destinationRegion)
req, copyOutput := ec2client.CopySnapshotRequest(©Input)
err = req.Sign()
if err != nil {
log.Fatalf("Failed to sign request.")
}
err = req.Send()
if err != nil {
log.Fatalf("copy snapshot failed with input: %+v
output: %+v, err: %+v", copyInput, copyOutput, err)
}
Observed Behavior
The code seems to go through execution successfully according to my logs and I get a new snapshot id back. In the target region, the new snapshot id points to a snapshot in error state.
Question
According to the documentation, I need to specify PresignedUrl. I googled and also read some of the aws-sdk-go code. But I could not find a good example. Is my understanding of the problem correct? How do I find the presigned URL?