Skip to main content

AWS SigV4 Authentication with the python requests module

Project description

requests-auth-aws-sigv4

Use AWS signature version 4 Authentication with the python requests module

This package provides an authentication class that can be used with the popular requests package to add the AWS Signature Version 4 authentication information.

The signing code is inspired by the python example provided by AWS.

This package should support any/all AWS API's, including API Gateway API's (execute-api), Elasticsearch clusters, and others. AWS Credentials may be pulled from the environment in an easy and familiar way. The signature is added as a header to the request.

Installation

pip install requests-auth-aws-sigv4

Usage

import requests
from requests_auth_aws_sigv4 import AWSSigV4

r = requests.request('POST', 'https://sts.us-east-1.amazonaws.com', 
    data=dict(Version='2011-06-15', Action='GetCallerIdentity'), 
    auth=AWSSigV4('sts'))
print(r.text)

If boto3 is available, it will attempt to use credentials that have been configured for the AWS CLI or SDK's, as documented in Boto3 User Guide: Credentials. Otherwise, if boto3 is not available, credentials must be provided using either environment variables or parameters.

Example using environment variables

Environment variable names are the same as documented for AWS CLI and SDK's.

export AWS_ACCESS_KEY_ID=MYACCESSKEY
export AWS_SECRET_ACCESS_KEY=THISISSECRET
export AWS_SESSION_TOKEN=THISISWHERETHESUPERLONGTOKENGOES
import requests
from requests_auth_aws_sigv4 import AWSSigV4

aws_auth = AWSSigV4('ec2') # If not provided, check for AWS Credentials from Environment Variables

r = requests.request('GET', 'https://ec2.us-east-1.amazonaws.com?Version=2016-11-15&Action=DescribeRegions',
    auth=aws_auth)
print(r.text)

Example using parameters

Passing credentials as parameters overrides all other possible sources.

import requests
from requests_auth_aws_sigv4 import AWSSigV4

aws_auth = AWSSigV4('ec2',
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_KEY,
    aws_session_token=SESSION_TOKEN,
)

r = requests.request('GET', 'https://ec2.us-east-1.amazonaws.com?Version=2016-11-15&Action=DescribeRegions',
    auth=aws_auth)
print(r.text)

Usage with Elasticsearch Client (elasticsearch-py)

from elasticsearch import Elasticsearch, RequestsHttpConnection
from requests_auth_aws_sigv4 import AWSSigV4

es_host = 'search-service-foobar.us-east-1.es.amazonaws.com'
aws_auth = AWSSigV4('es')

# use the requests connection_class and pass in our custom auth class
es_client = Elasticsearch(host=es_host,
                          port=80,
                          connection_class=RequestsHttpConnection,
                          http_auth=aws_auth)
es_client.info()

Debug Logging

All log messages are at the module level.

import logging
logging.basicConfig() # Setup basic logging to stdout
log = logging.getLogger('requests_auth_aws_sigv4')
log.setLevel(logging.DEBUG)

Command Line Usage

The module can be run from the command line in a way that is similar to how cURL works.

$ python3 -m requests_auth_aws_sigv4 https://sampleapi.execute-api.us-east-1.amazonaws.com/test/ -v
> GET /test/ HTTP/1.1
> Host: sampleapi.execute-api.us-east-1.amazonaws.com
> User-Agent: python-requests/2.23.0 auth-aws-sigv4/0.2
> Accept-Encoding: gzip, deflate
> Accept: */*
> Connection: keep-alive
> X-AMZ-Date: 20200513T180549Z
> Authorization: AWS4-HMAC-SHA256 Credential=AKIASAMPLEKEYID/20200513/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date, Signature=EXAMPLESIGNATUREISHERE
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 25
< Content-Type: application/json
< Date: Wed, 13 May 2020 18:05:49 GMT
< Server: Server
< x-amz-apigw-id: MeExampleiMFs99=
< x-amzn-RequestId: 7example-7b7b-4343-9a9a-9bbexampleaf
hello

Temporary Security Credentials

Credentials issued from AWS STS to grant temporary access can be used normally. Set the token by passing the aws_session_token parameter, setting the AWS_SESSION_TOKEN environment variable, or configure the credential for boto3 as normal.

Using boto3 (or botocore) for AWS Credentials

The packages boto3 and botocore are not requirements to use this module.
As mentioned above, if boto3 is available, a boto3.Session will be created to attempt to get credentials and configure the default region. This will happen automatically if credentials are not provided as parameters.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-auth-aws-sigv4-0.7.tar.gz (8.1 kB view details)

Uploaded Source

Built Distribution

requests_auth_aws_sigv4-0.7-py3-none-any.whl (12.1 kB view details)

Uploaded Python 3

File details

Details for the file requests-auth-aws-sigv4-0.7.tar.gz.

File metadata

  • Download URL: requests-auth-aws-sigv4-0.7.tar.gz
  • Upload date:
  • Size: 8.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.56.2 CPython/3.9.1

File hashes

Hashes for requests-auth-aws-sigv4-0.7.tar.gz
Algorithm Hash digest
SHA256 3d2a475cccbf85d4c93b8bd052d072e5c3f8e77022fd621b69a5b11ac2c139c8
MD5 ff5fc2e0288fa2d88d69967e51087377
BLAKE2b-256 b3bcf695cd7d54327f925e22293d5b71b312dcdee0d8e720defc7a7a5f16a5ae

See more details on using hashes here.

File details

Details for the file requests_auth_aws_sigv4-0.7-py3-none-any.whl.

File metadata

  • Download URL: requests_auth_aws_sigv4-0.7-py3-none-any.whl
  • Upload date:
  • Size: 12.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.56.2 CPython/3.9.1

File hashes

Hashes for requests_auth_aws_sigv4-0.7-py3-none-any.whl
Algorithm Hash digest
SHA256 1f6c7f63a0696a8f131a2ff21a544380f43c11f54d72600f6f2a1d402bd41d41
MD5 3756e6fa686eb635f058e34a36d8d0c9
BLAKE2b-256 c8cd112ece576115a8afa62faf3c10d13fb8c72233197926f3ea6321cc2cc44e

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page