
A Kong plugin for signing incoming requests with Amazon Web Services (AWS) authentication headers.

Primary language: Lua. License: Apache License 2.0 (Apache-2.0).

kong-plugin-aws

A work in progress. Use at your own risk.

A Kong plugin for signing incoming requests with Amazon Web Services (AWS) Signature Version 4 authentication headers.

This plugin is based on Kong's aws-lambda plugin and the kong-plugin boilerplate. It was developed using docker-kong-dev, an unofficial Docker image (tooling) for Kong testing and development.

It can be used for proxying requests to an upstream AWS API / service (e.g. Elasticsearch). In doing so, you can send HTTP requests without using bespoke proxies, AWS SDKs or external libraries to sign your requests. You can instead rely on widely supported authentication methods (e.g. basic auth, token auth, etc.) via Kong plugins.

Getting Started

The plugin is not currently published on LuaRocks, so it has to be built and packaged manually. Otherwise, use the Docker image of Kong that has the plugin pre-installed and loaded.

Pre-installed / loaded Docker

Instead of docker pull kong, use:

docker pull mrsaints/kong-aws

Configuration

| Field | Type | Description |
|---|---|---|
| aws_region | string | The region the service resides in, e.g. us-east-1. |
| aws_service | string | The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of namespaces, see AWS Service Namespaces. |
| aws_key | string | The AWS key credential to be used when signing a request. |
| aws_secret | string | The AWS secret credential to be used when signing a request. |
| timestamp | timestamp | (Optional) This is used for signing a request with the current datetime. It is mostly used for testing, so leave this alone unless you know what you are doing. |

If your aws_key or aws_secret contains special characters, ensure that they are URL percent encoded (e.g. + -> %2B).
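
How the configuration fields above enter a Signature Version 4 signature, as an added Python example (not the plugin's Lua code). The host, path and credentials are constructed samples, and the helper names `sign_request` and `encode_credential` are hypothetical. It assumes the path and query string are already in canonical form and that only `host` and `x-amz-date` are signed.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def encode_credential(value: str) -> str:
    """Percent-encode a credential for the plugin config (+ -> %2B, / -> %2F)."""
    return quote(value, safe="")

def sign_request(method, host, path, query, body, *, aws_region, aws_service,
                 aws_key, aws_secret, timestamp):
    """Return the headers a SigV4 signer adds to one request."""
    amz_date = timestamp.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    payload_hash = hashlib.sha256(body).hexdigest()
    # Canonical request: method, path, query, signed headers, body hash.
    signed_headers = "host;x-amz-date"
    canonical_request = "\n".join([
        method, path, query,
        f"host:{host}\nx-amz-date:{amz_date}\n",
        signed_headers, payload_hash])
    # The credential scope binds the signature to one day, region and service.
    scope = f"{date}/{aws_region}/{aws_service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Signing key: HMAC chain over date, region, service, "aws4_request".
    key = _hmac(("AWS4" + aws_secret).encode(), date)
    for part in (aws_region, aws_service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return {
        "Host": host,
        "X-Amz-Date": amz_date,
        "Authorization": (f"AWS4-HMAC-SHA256 Credential={aws_key}/{scope}, "
                          f"SignedHeaders={signed_headers}, Signature={signature}"),
    }

# Constructed sample values: not real credentials, not a real endpoint.
SAMPLE = dict(aws_region="us-east-1", aws_service="es",
              aws_key="AKIDEXAMPLE", aws_secret="example+secret/key",
              timestamp=datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc))

if __name__ == "__main__":
    headers = sign_request("GET", "search.example.com", "/_cluster/health",
                           "", b"", **SAMPLE)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print("aws_secret for config:", encode_credential(SAMPLE["aws_secret"]))
```

The secret never appears in the output headers; only the derived signature does, so the values to protect are the `aws_key` / `aws_secret` pair held in the Kong configuration.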