Skip to main content

A Jupyter server extension to proxy requests with AWS SigV4 authentication

Project description

AWS Jupyter Proxy

Build Version Code style: black

A Jupyter server extension to proxy requests with AWS SigV4 authentication.


This server extension enables the usage of the AWS JavaScript/TypeScript SDK to write Jupyter frontend extensions without having to export AWS credentials to the browser.

A single /awsproxy endpoint is added on the Jupyter server which receives incoming requests from the browser, uses the credentials on the server to add SigV4 authentication to the request, and then proxies the request to the actual AWS service endpoint.

All requests are proxied back-and-forth as-is, e.g., a 4xx status code from the AWS service will be relayed back as-is to the browser.

NOTE: This project is still under active development


Installing the package from PyPI will install and enable the server extension on the Jupyter server.

pip install aws-jupyter-proxy


Using this requries no additional dependencies in the client-side code. Just use the regular AWS JavaScript/TypeScript SDK methods and add any dummy credentials and change the endpoint to the /awsproxy endpoint.

    import * as AWS from 'aws-sdk';
    import SageMaker from 'aws-sdk/clients/sagemaker';

    // Reusable function to add the XSRF token header to a request
    function addXsrfToken<D, E>(request: AWS.Request<D, E>) {
      const cookie = document.cookie.match('\\b' + '_xsrf' + '=([^;]*)\\b');
      const xsrfToken = cookie ? cookie[1] : undefined;
      if (xsrfToken !== undefined) {
        request.httpRequest.headers['X-XSRFToken'] = xsrfToken;

    // These credentials are *not* used for the actual AWS service call but you have
    // to provide any dummy credentials (Not real ones!)
    AWS.config.accessKeyId = 'IGNOREDIGNO';

    // Change the endpoint in the client to the "awsproxy" endpoint on the Jupyter server.
    const proxyEndpoint = 'http://localhost:8888/awsproxy';

    const sageMakerClient = new SageMaker({
        region: 'us-west-2',
        endpoint: proxyEndpoint,

    // Make the API call!
    await sageMakerClient
            NameContains: 'jaipreet'
        .on('build', addXsrfToken)

Usage with S3

For S3, use the s3ForcePathStyle parameter during the client initialization

    import S3 from 'aws-sdk/clients/s3';

    const s3Client = new S3({
        region: 'us-west-2',
        endpoint: proxyEndpoint,
        s3ForcePathStyle: true,
        s3DisableBodySigning:false // for https

    await s3Client
            Bucket: 'my-bucket',
            Key: 'my-object'
        .on('build', addXsrfToken)


On the server, the AWS_JUPYTER_PROXY_WHITELISTED_SERVICES environment variable can be used to whitelist the set of services allowed to be proxied through. This is opt-in - Not specifying this environment variable will whitelist all services.



Install all dev dependencies

pip install -e ".[dev]"
jupyter serverextension enable --py aws_jupyter_proxy --sys-prefix

Run unit tests using pytest

pytest tests/unit


This library is licensed under the Apache 2.0 License.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws_jupyter_proxy-0.3.2.tar.gz (17.2 kB view hashes)

Uploaded source

Built Distribution

aws_jupyter_proxy-0.3.2-py3-none-any.whl (18.2 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page