signature_v4_auth: Signature Version 4

Description Usage Arguments Details Value Author(s) References See Also

View source: R/v4.R

Description

AWS Signature Version 4 for use in query or header authorization

Usage

1
2
3
4
5
signature_v4_auth(datetime = format(Sys.time(), "%Y%m%dT%H%M%SZ", tz =
  "UTC"), region = NULL, service, verb, action, query_args = list(),
  canonical_headers, request_body, key = NULL, secret = NULL,
  session_token = NULL, query = FALSE, algorithm = "AWS4-HMAC-SHA256",
  verbose = FALSE)

Arguments

datetime

A character string containing a datetime in the form of “YYYYMMDDTHHMMSSZ”. If missing, it is generated automatically using Sys.time.

region

A character string containing the AWS region for the request. See locate_credentials.

service

A character string containing the AWS service (e.g., “iam”, “host”, “ec2”).

verb

A character string containing the HTTP verb being used in the request.

action

A character string containing the API endpoint used in the request.

query_args

A named list of character strings containing the query string values (if any) used in the API request, passed to canonical_request.

canonical_headers

A named list of character strings containing the headers used in the request.

request_body

The body of the HTTP request.

key

An AWS Access Key ID. See locate_credentials.

secret

An AWS Secret Access Key. See locate_credentials.

session_token

Optionally, an AWS Security Token Service (STS) temporary Session Token. This is added automatically as a header to canonical_headers. See locate_credentials.

query

A logical. Currently ignored.

algorithm

A character string containing the hashing algorithm used in the request. Should only be “SHA256”.

verbose

A logical indicating whether to be verbose.

Details

This function generates an AWS Signature Version 4 for authorizing API requests.

Value

A list of class “aws_signature_v4”, containing the information needed to sign an AWS API request using either query string authentication or request header authentication. Specifically, the list contains:

Algorithm

A character string containing the hashing algorithm used during the signing process (default is SHA256).

Credential

A character string containing an identifying credential “scoped” to the region, date, and service of the request.

Date

A character string containing a YYYYMMDD-formatted date.

SignedHeaders

A character string containing a semicolon-separated listing of request headers used in the signature.

Body

The value passed to request_body.

BodyHash

A character string containing a SHA256 hash of the request body.

Verb

The value passed to verb.

Query

The value passed to query_args.

Service

The value passed to service.

Action

The value passed to action.

CanonicalRequest

A character string containing the canonical request.

StringToSign

A character string containing the string to sign for the request.

Signature

A character string containing a request signature hash.

SignatureHeader

A character string containing a complete Authorization header value.

AccessKeyId

A character string containing the access key id identified by locate_credentials.

SecretAccessKey

A character string containing the secret access key identified by locate_credentials.

SessionToken

A character string containing the session token identified by locate_credentials.

Region

A character string containing the region identified by locate_credentials.

These values can either be used as query parameters in a REST-style API request, or as request headers. If authentication is supplied via query string parameters, the query string should include the following:

Action=action &X-Amz-Algorithm=Algorithm &X-Amz-Credential=URLencode(Credentials) &X-Amz-Date=Date &X-Amz-Expires=timeout &X-Amz-SignedHeaders=SignedHeaders

where action is the API endpoint being called and timeout is a numeric value indicating when the request should expire.

If signing a request using header-based authentication, the “Authorization” header in the request should be included with the request that looks as follows:

Authorization: Algorithm Credential=Credential, SignedHeaders=SignedHeaders, Signature=Signature

This is the value printed by default for all objects of class “aws_signature_v4”.

Author(s)

Thomas J. Leeper <[email protected]>

References

AWS General Reference: Signature Version 4 Signing Process

Amazon S3 API Reference: Authenticating Requests (AWS Signature Version 4)

http://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html

See Also

signature_v2_auth, locate_credentials


aws.signature documentation built on July 28, 2018, 1:05 a.m.