Skip to content

Instantly share code, notes, and snippets.

@fedeonline

fedeonline/api-gateway-signed-request-ruby.MD

Forked from jtsaito/api-gateway-signed-request-ruby.MD
Created January 31, 2018 15:05
Show Gist options
  • Save fedeonline/53c09efa7b3a574dafb5e30de97e8931 to your computer and use it in GitHub Desktop.
Save fedeonline/53c09efa7b3a574dafb5e30de97e8931 to your computer and use it in GitHub Desktop.
Download ZIP
Signing requests for AWS API Gateway in Ruby
Raw
api-gateway-signed-request-ruby.MD

The AWS API Gateway supports signed requests as follows. The API Gateway client can use IAM credentials to sign a request in two steps:

  1. The original request headers and body are signed using the SDK supplied by AWS and the credentials
  2. The signature sets the X-Amz-SignedHeaders header

In practice, there are two ways for signing from a Ruby client using the AWS SDK: (1) signing with a Faraday plugin, (2) creating a Specific Gateway client using the Seahorse API declaration.

Here is a code snippet for the more quick and dirty Faraday solution.

require 'faraday_middleware'
require 'faraday_middleware/aws_signers_v4'

credentials = Aws::Credentials.new(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
url = ENDPOINT #  e.g., 'https://xy234yxyz.execute-api.eu-west-1.amazonaws.com'

conn = Faraday.new(url: url) do |faraday|
  faraday.request :aws_signers_v4,
    credentials: credentials,
    service_name: 'execute-api',
    region: 'eu-west-1'

  faraday.response :json, :content_type => /\bjson\b/
  faraday.response :raise_error

  faraday.adapter Faraday.default_adapter
end

response = conn.get '/test'

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment