How to use aws4 - 10 common examples
To help you get started, we’ve selected a few aws4 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
mhart / kinesalite / test / helpers.js View on Github 
function request(options, cb) {
if (typeof options === 'function') { cb = options; options = {} }
cb = once(cb)
for (var key in requestOpts) {
if (options[key] === undefined)
options[key] = requestOpts[key]
}
if (!options.noSign) {
aws4.sign(options)
options.noSign = true // don't sign twice if calling recursively
}
// console.log(options)
(options.ssl ? https : http).request(options, function(res) {
res.on('error', cb)
var chunks = []
res.on('data', function(chunk) { chunks.push(chunk) })
res.on('end', function() {
res.rawBody = Buffer.concat(chunks)
if ((res.headers['content-type'] || '').indexOf('application/x-amz-cbor') !== 0) {
res.body = res.rawBody.toString('utf8')
try { res.body = JSON.parse(res.body) } catch (e) {} // eslint-disable-line no-empty
} else {
try { res.body = cbor.Decoder.decodeFirstSync(res.rawBody) } catch (e) {} // eslint-disable-line no-empty
}
if (res.body.__type == 'LimitExceededException' && /^Rate exceeded/.test(res.body.message))var http = require('http'),
https = require('https'),
aws4 = require('aws4')
// given an options object you could pass to http.request
var opts = {host: 'sqs.us-east-1.amazonaws.com', path: '/?Action=ListQueues'}
// alternatively (as aws4 can infer the host):
opts = {service: 'sqs', region: 'us-east-1', path: '/?Action=ListQueues'}
// alternatively (as us-east-1 is default):
opts = {service: 'sqs', path: '/?Action=ListQueues'}
aws4.sign(opts) // assumes AWS credentials are available in process.env
console.log(opts)
/*
{
host: 'sqs.us-east-1.amazonaws.com',
path: '/?Action=ListQueues',
headers: {
Host: 'sqs.us-east-1.amazonaws.com',
'X-Amz-Date': '20121226T061030Z',
Authorization: 'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/sqs/aws4_request, ...'
}
}
*/
// we can now use this to query AWS using the standard node.js http API
http.request(opts, function(res) { res.pipe(process.stdout) }).end()self._aws = opts
return self
}
if (opts.sign_version === 4 || opts.sign_version === '4') {
// use aws4
var options = {
host: self.uri.host,
path: self.uri.path,
method: self.method,
headers: {
'content-type': self.getHeader('content-type') || ''
},
body: self.body
}
var signRes = aws4.sign(options, {
accessKeyId: opts.key,
secretAccessKey: opts.secret,
sessionToken: opts.session
})
self.setHeader('authorization', signRes.headers.Authorization)
self.setHeader('x-amz-date', signRes.headers['X-Amz-Date'])
if (signRes.headers['X-Amz-Security-Token']) {
self.setHeader('x-amz-security-token', signRes.headers['X-Amz-Security-Token'])
}
} else {
// default: use aws-sign2
var date = new Date()
self.setHeader('date', date.toUTCString())
var auth = {
key: opts.key,
secret: opts.secret,self._aws = opts
return self
}
if (opts.sign_version == 4 || opts.sign_version == '4') {
// use aws4
var options = {
host: self.uri.host,
path: self.uri.path,
method: self.method,
headers: {
'content-type': self.getHeader('content-type') || ''
},
body: self.body
}
var signRes = aws4.sign(options, {
accessKeyId: opts.key,
secretAccessKey: opts.secret
})
self.setHeader('authorization', signRes.headers.Authorization)
self.setHeader('x-amz-date', signRes.headers['X-Amz-Date'])
}
else {
// default: use aws-sign2
var date = new Date()
self.setHeader('date', date.toUTCString())
var auth =
{ key: opts.key
, secret: opts.secret
, verb: self.method.toUpperCase()
, date: date
, contentType: self.getHeader('content-type') || ''export function createPresignedURL(
{
host = process.env.AWS_IOT_HOST,
path = '/mqtt',
region = process.env.AWS_REGION,
service = 'iotdevicegateway',
accessKeyId = process.env.AWS_ACCESS_KEY_ID,
secretAccessKey = process.env.AWS_SECRET_ACCESS_KEY,
sessionToken = process.env.AWS_SESSION_TOKEN,
// expires = 0, // @TODO: 300, check if this is working http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
} = {},
): string {
const signed = aws4.sign(
{
host,
path,
service,
region,
signQuery: true,
// headers: {
// 'X-Amz-Expires': expires,
// },
},
{
accessKeyId,
secretAccessKey,
},
)self._aws = opts
return self
}
if (opts.sign_version === 4 || opts.sign_version === '4') {
// use aws4
var options = {
host: self.uri.host,
path: self.uri.path,
method: self.method,
headers: {
'content-type': self.getHeader('content-type') || ''
},
body: self.body
}
var signRes = aws4.sign(options, {
accessKeyId: opts.key,
secretAccessKey: opts.secret,
sessionToken: opts.session
})
self.setHeader('authorization', signRes.headers.Authorization)
self.setHeader('x-amz-date', signRes.headers['X-Amz-Date'])
if (signRes.headers['X-Amz-Security-Token']) {
self.setHeader('x-amz-security-token', signRes.headers['X-Amz-Security-Token'])
}
} else {
// default: use aws-sign2
var date = new Date()
self.setHeader('date', date.toUTCString())
var auth = {
key: opts.key,
secret: opts.secret,import * as aws4 from "aws4";
let requestSigner = new aws4.RequestSigner({}, {});
requestSigner.matchHost("");
requestSigner.isSingleRegion();
requestSigner.createHost();
requestSigner.prepareRequest();
requestSigner.sign();
requestSigner.getDateTime();
requestSigner.getDate();
requestSigner.authHeader();
requestSigner.signature();
requestSigner.stringToSign();
requestSigner.canonicalString();
requestSigner.canonicalHeaders();
requestSigner.signedHeaders();
requestSigner.credentialString();
requestSigner.defaultCredentials();
requestSigner.parsePath();fetch(opts: RequestOptions, credentials: Credentials) {
let signer = new RequestSigner(opts, credentials);
signer.request.protocol = 'https:';
signer.sign();
const req = signer.request;
let url = `${req.protocol}//${req.hostname}${req.path}`
console.debug("AWS S3 requesting URL:", url)
return fetch(url, { method: req.method, headers: req.headers });
},
signfunction writeGitParameters(options) {
let username = credentials.accessKeyId;
if (credentials.sessionToken) {
username += `%${credentials.sessionToken}`;
}
options.service = SERVICE;
options.method = METHOD;
const signer = new aws4.RequestSigner(options, credentials);
const password = `${signer.getDateTime()}Z${signer.signature()}`
console.log(`username=${username}`);
console.log(`password=${password}`);
}signRequest(path, method) {
const {accessKeyId, secretAccessKey, sessionToken} = this.session.resource;
return aws4.sign({
signQuery: true,
service: 'imdbapi',
region: 'us-east-1',
method,
host: API_BASE,
path: `${path}?X-Amz-Security-Token=${encodeURIComponent(sessionToken).replace(/[!'()*]/g, escape)}`
}, {
accessKeyId,
secretAccessKey
});
}aws4
Signs and prepares requests using AWS Signature Version 4
