A python library to sign AWS requests using AWS Signature V4.
This small python library serves only purpose: Helping you sign HTTP requests for use with AWS (and compatible) services. The library is unopinionated and should work with just about anything that makes HTTP requests (requests, aiohttp).
It supports generating authorization headers for HTTP requests, pre-signing URLs so you can easily use them elsewhere and signing S3 POST policies for use in HTML forms.
This library has no requirements, but comes with an authentication helper for the requests package.
aws-request-signer
is available from pypi:
pip install aws-request-signer
Here's an example of how to use the library to sign a request to upload a file to a minio S3 bucket running on your local machine:
import hashlib
import requests
from aws_request_signer import AwsRequestSigner
AWS_REGION = ""
AWS_ACCESS_KEY_ID = "minio"
AWS_SECRET_ACCESS_KEY = "minio123"
URL = "http://127.0.0.1:9000/demo/hello_world.txt"
# Demo content for our target file.
content = b"Hello, World!\n"
content_hash = hashlib.sha256(content).hexdigest()
# Create a request signer instance.
request_signer = AwsRequestSigner(
AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, "s3"
)
# The headers we'll provide and want to sign.
headers = {"Content-Type": "text/plain", "Content-Length": str(len(content))}
# Add the authentication headers.
headers.update(
request_signer.sign_with_headers("PUT", URL, headers, content_hash)
)
# Make the request.
r = requests.put(URL, headers=headers, data=content)
r.raise_for_status()
For more examples and usage, please refer to demo.py.
For development purposes, you can clone the repository and use poetry to install and maintain the dependencies. There is no test suite. It comes with a set of pre-commit hooks that can format (isort, black) and check your code (mypy, flake8) automatically.
git clone git@github.com:iksteen/aws-request-signer.git
cd aws-request-signer
poetry install -E demo
poetry run pre-commit install
- Next Version
- Add
py.typed
file so mypy can check calls to aws-request-signer when used as a dependency. Thanks @berzi.
- Add
- 1.2.0
- Add support for passing a security token to
AwsRequestSigner
andAwsAuth
helper for request. Thanks @ajpl.
- Add support for passing a security token to
- 1.1.1
- Use
quote
instead of the defaultquote_plus
so query arguments that contain spaces work (thanks @eraser-77).
- Use
- 1.1.0
- Minimum supported python version is now 3.6.1.
- Assume empty content when signing a HEAD or DELETE request just as we do when signing a GET request. Thanks @alvassin!
- Fix bug where
sign_with_headers
did not include valueless query arguments in the signing process (f.e.?acl
).
- 1.0.0
- Initial Release.
Ingmar Steen – @iksteen
Distributed under the MIT license. See LICENSE
for more information.
- Fork it (https://github.com/iksteen/aws-request-signer/fork)
- Create your feature branch (
git checkout -b feature/fooBar
) - Commit your changes (
git commit -am 'Add some fooBar'
) - Push to the branch (
git push origin feature/fooBar
) - Create a new Pull Request