The AWS API Gateway supports signed requests as follows. The API Gateway client can use IAM credentials to sign a request in two steps:
- The original request headers and body are signed using the SDK supplied by AWS and the credentials
- The signature sets the
X-Amz-SignedHeaders
header
In practice, there are two ways for signing from a Ruby client using the AWS SDK: (1) signing with a Faraday plugin, (2) creating a Specific Gateway client using the Seahorse API declaration.
Here is a code snippet for the more quick and dirty Faraday solution.
require 'faraday_middleware'
require 'faraday_middleware/aws_signers_v4'
credentials = Aws::Credentials.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
url = ENDPOINT # e.g., 'https://xy234yxyz.execute-api.eu-west-1.amazonaws.com'
conn = Faraday.new(url: url) do |faraday|
faraday.request :aws_signers_v4,
credentials: credentials,
service_name: 'execute-api',
region: 'eu-west-1'
faraday.response :json, :content_type => /\bjson\b/
faraday.response :raise_error
faraday.adapter Faraday.default_adapter
end
response = conn.get '/test'