sigaws v0.6.0 - AWS Signature V4 signing and verification library
This release enables AWS STS Secure Token Service related tests in the AWS testsuite. Here is the changelog:
v0.6.0
Fixes:
- Enabled AWS Secure Token tests (post-sts-token). Use the AWS STS service to obtain
  temporary credentials and the corresponding session token. Use the temporary credentials
  to sign. The session token must be included as a request header or query string parameter
  X-Amz-Security-Token.
All AWS Signature V4 tests in the testsuite pass. (Exceptions: post-vanilla-query-nonunreserved
and post-vanilla-query-space. These tests seem to be wrong.)
AWS STS is supported only in request signing. It is not supported in the
verifier (plug_sigaws).
(AWS STS Ref)
Examples:
Signature to be passed as request headers
    # Query-API URL: the parameters follow "?" so they are signed as the query string
    url = "https://ec2.amazonaws.com/?Action=DescribeRegions&Version=2013-10-15"

    {:ok, %{} = sig_data, _} =
      Sigaws.sign_req(url, region: "us-east-1", service: "ec2",
        access_key: System.get_env("AWS_ACCESS_KEY_ID"),
        secret: System.get_env("AWS_SECRET_ACCESS_KEY"))

    # The signature data is sent as the request headers
    {:ok, resp} = HTTPoison.get(url, sig_data)
You can pass in request headers to be included in the signature. Make sure to merge the
signature with the headers before sending the request.
The same example is shown here making use of the temporary credentials obtained using
AWS STS Secure Token Service. Assuming the temporary credentials and the session
token are made available in environment variables:
    url = "https://ec2.amazonaws.com/?Action=DescribeRegions&Version=2013-10-15"

    # AWS reads the STS session token from the X-Amz-Security-Token header
    headers = %{"X-Amz-Security-Token" => System.get_env("AWS_SESSION_TOKEN")}

    {:ok, %{} = sig_data, _} =
      Sigaws.sign_req(url, region: "us-east-1", service: "ec2", headers: headers,
        access_key: System.get_env("AWS_ACCESS_KEY_ID"),
        secret: System.get_env("AWS_SECRET_ACCESS_KEY"))

    # Send the signed headers together with the signature data
    {:ok, resp} = HTTPoison.get(url, Map.merge(headers, sig_data))
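A guard for the merge step described above, as an added example (not part of sigaws or the original post): it refuses to send a request when a header you are about to send, such as the session token, is not listed among the signed headers. The module name SigCheck, its functions and the two sig_data layouts it reads are assumptions; the sample values are constructed.

```elixir
defmodule SigCheck do
  # Header names covered by the signature. Both layouts are assumptions about
  # sig_data: a SigV4 "X-Amz-SignedHeaders" entry, or an "Authorization" value
  # carrying "SignedHeaders=a;b;c".
  def signed_header_names(%{"X-Amz-SignedHeaders" => names}), do: String.split(names, ";")

  def signed_header_names(%{"Authorization" => auth}) do
    case Regex.run(~r/SignedHeaders=([^,\s]+)/, auth) do
      [_, names] -> String.split(names, ";")
      nil -> []
    end
  end

  def signed_header_names(_sig_data), do: []

  # Merge caller headers with the signature data, refusing when any caller
  # header (such as the session token) is missing from the signed set.
  def merge_checked(headers, sig_data) do
    signed = MapSet.new(signed_header_names(sig_data))

    unsigned =
      headers
      |> Map.keys()
      |> Enum.map(&String.downcase/1)
      |> Enum.reject(&MapSet.member?(signed, &1))

    case unsigned do
      [] -> {:ok, Map.merge(headers, sig_data)}
      names -> {:error, {:not_signed, names}}
    end
  end
end

# Constructed sample values, not real credentials or signatures.
headers = %{"X-Amz-Security-Token" => "EXAMPLE-SESSION-TOKEN"}
cred = "AKIDEXAMPLE/20150830/us-east-1/ec2/aws4_request"

signed_with_token = %{
  "Authorization" =>
    "AWS4-HMAC-SHA256 Credential=#{cred}, " <>
      "SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=CONSTRUCTED"
}

signed_without_token = %{"X-Amz-SignedHeaders" => "host;x-amz-date", "X-Amz-Signature" => "CONSTRUCTED"}

{:ok, merged} = SigCheck.merge_checked(headers, signed_with_token)
true = Map.has_key?(merged, "Authorization") and Map.has_key?(merged, "X-Amz-Security-Token")
{:error, {:not_signed, ["x-amz-security-token"]}} = SigCheck.merge_checked(headers, signed_without_token)
```

The second call fails because the token header was never passed to the signer, which is the mistake the merge advice above is meant to prevent.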
Signature to be passed in query string (“presigned” URL)
    url = "https://iam.amazonaws.com/?Action=CreateUser&UserName=NewUser&Version=2010-05-08"

    {:ok, %{} = sig_data, _} =
      Sigaws.sign_req(url, region: "us-east-1", service: "iam", body: :unsigned,
        access_key: System.get_env("AWS_ACCESS_KEY_ID"),
        secret: System.get_env("AWS_SECRET_ACCESS_KEY"))

    # Append the signature data to the query string to form the presigned URL
    presigned_url = Sigaws.Util.add_params_to_url(url, sig_data)

    {:ok, resp} = HTTPoison.get(presigned_url)