AWS Signature 4 Auth Dynamic Value (Paw Extension)
A Paw Extension to compute AWS Signature version 4 authentication signatures for the accessing the main AWS services including REST APIs build using AWS API Gateway that are protected using IAM.
To support AWS Signature 4 authentication please follow these steps:
- Install this extension. For now, you should install by using the Makefile (see Development section below).
- Add a header
Authorizationand set the value to this extension (start typing "AWS" and select AWS Signature 4).
- Enter your credentials by clicking on the dynamic value extension. The AWS Access and Secret keys are required. If you leave the other fields blank they will use defaults.
- Add a second header
X-Amz-Date. Set the value to custom timestamp (start typing "timestamp" and select any of the timestamp options).
- Enter a custom timestamp format by clicking on the dynamic value extension,
Custom formattingfrom the format. Enter the value
%G%m%dT%H%M%SZfor the format. Make sure
Nowis checked, delta is 0, and
local timeis unchecked. AWS requires the time be within a few seconds of server time in UTC (not local time).
If you don't have something to test against, follow the Getting Started
guide for the API Gateway service to create a basic "hello world" API. Make sure
that the API is protected by IAM security by choosing "authorization type"
AWS IAM in the console when configuring the method.
This extension is being developed primarily to test in-house API Gateway REST
APIs. However, AWS Signature 4 is used to protect all of the standard AWS
service endpoints. By ensuring you have the correct
aws service setting
for the extension you can manually call any of the AWS service endpoints using
Note: if you are a user of STS temporary credentials, you will also need a header
- Freeze dynamic values to obtain X-Amz-Date as generated and sent to client
- Need binary version of HMAC SHA256 crypto function. Currently using CryptJS which is fairly slow.
This Paw Extension is released under the MIT License. Feel free to fork, and modify!