Skip to content
This repository has been archived by the owner. It is now read-only.
[DEPRECATED] Signs requests to Amazon Web Services (AWS) using IAM roles or signed signature versions 2, 3, and 4. Supports S3 and STS.
Go
Branch: master
Clone or download
mdwhatcott Merge pull request #47 from rs-services/master
Adding CostExplorer Service
Latest commit 0c1422d May 15, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Ignoring project files. Mar 22, 2016
CONTRIBUTING.md Create CONTRIBUTING.md Mar 22, 2016
LICENSE.md
README.md Fixed import path Aug 29, 2014
awsauth.go
awsauth_test.go
common.go
common_test.go Use gunit for common tests. May 4, 2017
s3.go req -> request; resp -> response; etc... Jun 11, 2015
s3_test.go Replace goconvey with gunit where needed. May 4, 2017
sign2.go
sign2_test.go Replace goconvey with gunit where needed. May 4, 2017
sign3.go
sign3_test.go Replace goconvey with gunit where needed. May 4, 2017
sign4.go Signing does not include port segment in host header if it is 80 or 443 Oct 28, 2015
sign4_test.go Replace goconvey with gunit where needed. May 4, 2017

README.md

go-aws-auth

GoDoc

Go-AWS-Auth is a comprehensive, lightweight library for signing requests to Amazon Web Services.

It's easy to use: simply build your HTTP request and call awsauth.Sign(req) before sending your request over the wire.

Supported signing mechanisms

For more info about AWS authentication, see the comprehensive docs at AWS.

Install

Go get it:

$ go get github.com/smartystreets/go-aws-auth

Then import it:

import "github.com/smartystreets/go-aws-auth"

Using your AWS Credentials

The library looks for credentials in this order:

  1. Hard-code: You can manually pass in an instance of awsauth.Credentials to any call to a signing function as a second argument:

    awsauth.Sign(req, awsauth.Credentials{
    	AccessKeyID: "Access Key ID", 
    	SecretAccessKey: "Secret Access Key",
    	SecurityToken: "Security Token",	// STS (optional)
    })
  2. Environment variables: Set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables with your credentials. The library will automatically detect and use them. Optionally, you may also set the AWS_SECURITY_TOKEN environment variable if you are using temporary credentials from STS.

  3. IAM Role: If running on EC2 and the credentials are neither hard-coded nor in the environment, go-aws-auth will detect the first IAM role assigned to the current EC2 instance and use those credentials.

(Be especially careful hard-coding credentials into your application if the code is committed to source control.)

Signing requests

Just make the request, have it signed, and perform the request as you normally would.

url := "https://iam.amazonaws.com/?Action=ListRoles&Version=2010-05-08"
client := new(http.Client)

req, err := http.NewRequest("GET", url, nil)

awsauth.Sign(req)  // Automatically chooses the best signing mechanism for the service

resp, err := client.Do(req)

You can use Sign to have the library choose the best signing algorithm depending on the service, or you can specify it manually if you know what you need:

  • Sign2
  • Sign3
  • Sign4
  • SignS3 (deprecated for Sign4)
  • SignS3Url (for pre-signed S3 URLs; GETs only)

Contributing

Please feel free to contribute! Bug fixes are more than welcome any time, as long as tests assert correct behavior. If you'd like to change an existing implementation or see a new feature, open an issue first so we can discuss it. Thanks to all contributors!

You can’t perform that action at this time.