[newbie Q] issues with curl -X POST "https://.../v1/auth/aws/login"


Sorry for the noob Q but I’m stuck, and any help is appreciated!

I’ve got this vault CLI command doing aws auth successfully:
vault login --token-only --method=aws header_value=… role=…
(please note that this command works when the following env vars are configured: 1. VAULT_CACERT, 2. AWS_ACCESS_KEY_ID, 3. AWS_SECRET_ACCESS_KEY, 4. AWS_SESSION_TOKEN)

What I’m trying to achieve is to convert the above vault CLI call to an API call, using this manual - AWS - Auth Methods - HTTP API | Vault by HashiCorp, and it doesn’t go smoothly. I’ve got 3 questions:

  1. How do I create iam_request_headers? If I use Base64-encoding, what is the string that should be encoded based on AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN? Could you please provide an example?

  2. Where do I use VAULT_CACERT (pointing to a local PEM file) and how? I do need it for my “vault login” CLI so I assume I should use it in the API command as well…

  3. Do I need to reflect “--token-only” in my API call? How?

Thanks a lot in advance,
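
On question 1, an added example (not part of the original post and not HashiCorp's code): iam_request_headers is not an encoding of the three AWS variables themselves but the Base64 of the JSON-serialized headers of a SigV4-signed sts:GetCallerIdentity request, which the sketch below builds with the standard library only. The function name `vault_aws_login_payload` is hypothetical, and the global STS endpoint signed as us-east-1 and the sample credentials are assumptions.

```python
import base64, datetime, hashlib, hmac, json

STS_HOST = "sts.amazonaws.com"   # assumption: global STS endpoint (us-east-1)
STS_BODY = "Action=GetCallerIdentity&Version=2011-06-15"

def _b64(text):
    return base64.b64encode(text.encode()).decode()

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def vault_aws_login_payload(role, access_key, secret_key, session_token=None,
                            server_id=None, now=None, region="us-east-1"):
    """Return the JSON body for POST /v1/auth/aws/login (IAM auth type)."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    headers = {"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
               "X-Amz-Date": amz_date}
    if session_token:            # AWS_SESSION_TOKEN (temporary credentials)
        headers["X-Amz-Security-Token"] = session_token
    if server_id:                # what the CLI takes as header_value=
        headers["X-Vault-AWS-IAM-Server-ID"] = server_id
    # SigV4 signs lower-cased, name-sorted headers. Host is signed too, but is
    # left out of the header map because an HTTP client sets it from the URL.
    to_sign = {k.lower(): v for k, v in headers.items()}
    to_sign["host"] = STS_HOST
    names = sorted(to_sign)
    canonical = "\n".join(["POST", "/", "",
                           "".join(f"{n}:{to_sign[n]}\n" for n in names),
                           ";".join(names),
                           hashlib.sha256(STS_BODY.encode()).hexdigest()])
    scope = f"{day}/{region}/sts/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in (day, region, "sts", "aws4_request"):
        key = _hmac(key, part)   # derive the scoped signing key
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={';'.join(names)}, Signature={signature}")
    return {"role": role,
            "iam_http_request_method": "POST",
            "iam_request_url": _b64(f"https://{STS_HOST}/"),
            "iam_request_body": _b64(STS_BODY),
            "iam_request_headers": _b64(json.dumps({k: [v] for k, v in headers.items()}))}

if __name__ == "__main__":       # constructed credentials, not real ones
    print(json.dumps(vault_aws_login_payload("demo-role", "AKIDEXAMPLE", "secretEXAMPLE"), indent=2))
```

The returned dictionary is sent as the JSON body of the login request; with curl, `--cacert` takes the PEM file that VAULT_CACERT points to. The token that `--token-only` prints is the `auth.client_token` field of the JSON response.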