You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The 2024-09-25 release of smithy-go (the underlying code generation and runtime component on which AWS SDK for Go v2 is built) includes a new opt-in module, aws-http-auth, which exposes general-purpose APIs for signing HTTP requests with AWS Signature Version 4 and 4a.
Background
AWS Signature Version 4 (SigV4) is the modern HTTP-based authentication mechanism used by AWS and its services.
Within the AWS service ecosystem, there exist a variety of use cases that require communication with some entity that is not directly supported via SDKs, but requires SigV4 (or SigV4a) signing. For example, customers can configure APIGateway endpoints to use IAM as the authorizer, which can then be called using SigV4 signing.
Prior to this release, true general-purpose signers that could be used have not been available in the Go language. This release aims to solve that problem by providing generic, on-spec implementations of both the SigV4 and SigV4a algorithms.
Quickstart
The new signing APIs are available in the standalone aws-http-auth module, which can be retrieved via go get:
go get -u github.com/aws/smithy-go/aws-http-auth
The following example demonstrates basic request signing with SigV4:
import (
"net/http""os""strings""github.com/aws/smithy-go/aws-http-auth/credentials""github.com/aws/smithy-go/aws-http-auth/sigv4"
)
// implements no-op closertypenopCloserstruct{
io.ReadSeeker
}
func (nopCloser) Close() error {
returnnil
}
// load our AWS credentials - this example simply pulls from the environmentcreds:= credentials.Credentials{
AccessKeyID: os.Getenv("AWS_ACCESS_KEY_ID"),
SecretAccessKey: os.Getenv("AWS_SECRET_ACCESS_KEY"),
SessionToken: os.Getenv("AWS_SESSION_TOKEN"),
}
// part of sigv4 involves calculating the SHA256 hash of the request body// if your request body implements io.Seeker, the signer will automatically do this for you//// IMPORTANT: http.NewRequest wraps your body with io.NopCloser() if it does not implement Closer.// This has a side effect of eliding the io.Seeker component of the input. If you build your request with// http.NewRequest, and you intend to do payload signing, make sure your input body already implements// io.ReadSeekCloser so this does not happen.body:=nopCloser{strings.NewReader(`{"param":"value"}`)}
req, _:=http.NewRequest(http.MethodPost, "https://myservice-vpc-endpoint.amazonaws.com", body)
signer:=sigv4.New()
err:=signer.SignRequest(&sigv4.SignRequestInput{
Request: http.Request,
Credentials: aws.Credentials,
Service: "apigateway",
Region: "us-west-2",
})
iferr!=nil {
panic(err)
}
// request is now signed
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
The 2024-09-25 release of smithy-go (the underlying code generation and runtime component on which AWS SDK for Go v2 is built) includes a new opt-in module, aws-http-auth, which exposes general-purpose APIs for signing HTTP requests with AWS Signature Version 4 and 4a.
Background
AWS Signature Version 4 (SigV4) is the modern HTTP-based authentication mechanism used by AWS and its services.
Within the AWS service ecosystem, there exist a variety of use cases that require communication with some entity that is not directly supported via SDKs, but requires SigV4 (or SigV4a) signing. For example, customers can configure APIGateway endpoints to use IAM as the authorizer, which can then be called using SigV4 signing.
Prior to this release, true general-purpose signers that could be used have not been available in the Go language. This release aims to solve that problem by providing generic, on-spec implementations of both the SigV4 and SigV4a algorithms.
Quickstart
The new signing APIs are available in the standalone
aws-http-authmodule, which can be retrieved viago get:The following example demonstrates basic request signing with SigV4:
Beta Was this translation helpful? Give feedback.
All reactions