aws4 | A Go package for AWS Signature version | AWS library
kandi X-RAY | aws4 Summary
kandi X-RAY | aws4 Summary
Package aws4 signs HTTP requests with the AWS4 signature for use with Amazon’s AWS APIs. Copyright (C) 2012 Blake Mizerany.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Query performs a query with the given action .
- Sign signs an HTTP request .
- IsException returns true if the given error is an ExceptionError
- KeysFromEnvironment returns the keys from environment variables
- hmac calculates the HMAC - SHA256 hash of data .
- PostForm sends a POST request to the DefaultClient .
- Implements DefaultClient .
aws4 Key Features
aws4 Examples and Code Snippets
Lines of Code : 8
License : No License
Copyaws4.sign(requestOptions, {
secretAccessKey: "",
accessKeyId: "",
sessionToken: ""
})
export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
export AWS_SESSION_TOKEN=""
Community Discussions
Trending Discussions on aws4
QUESTION
I'm running gitlab-ce on-prem with min.io as a local S3 service. CI/CD caching is working, and basic connectivity with the S3-compatible minio is good. (Versions: gitlab-ce:13.9.2-ce.0, gitlab-runner:v13.9.0, and minio/minio:latest currently c253244b6fb0.)
Is there additional configuration to differentiate between job-artifacts and pipeline-artifacts and storing them in on-prem S3-compatible object storage?
In my test repo, the "build" stage builds a sparse R package. When I was using local in-gitlab job artifacts, it succeeds and moves on to the "test" and "deploy" stages, no problems. (And that works with S3-stored cache, though that configuration is solely within gitlab-runner.) Now that I've configured minio as a local S3-compatible object storage for artifacts, though, it fails.
ANSWER
Answered 2021-Jun-14 at 18:30The answer is to bypass the empty-string test; the underlying protocol does not support region-less configuration, nor is there a configuration option to support it.
The trick is able to work because the use of 'endpoint' causes the 'region' to be ignored. With that, setting the region to something and forcing the endpoint allows it to work:
QUESTION
I am trying to extract all the images from this PDF file: https://s3.us-west-2.amazonaws.com/secure.notion-static.com/566ca0ca-393d-47d4-b3fc-eb3632777bf8/example.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAT73L2G45O3KS52Y5%2F20210610%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20210610T041944Z&X-Amz-Expires=86400&X-Amz-Signature=2f8a2d08647e4953448f890adb56d11b1d01e21b941ca3dc9f9b5ab3caa7f018&X-Amz-SignedHeaders=host&response-content-disposition=filename%20%3D%22example.pdf%22
using the fitz (PyMuPDF module) Using the following code is extracting all the images, small icons as well. I have to avoid extracting those icons and get images only.
...ANSWER
Answered 2021-Jun-10 at 05:39get_page_images() returns a list of all images (directly or indirectly) referenced by the page.
QUESTION
I'm using Flutters' aws_s3_upload plugin which I found on Github. I am able to upload images to my AWS s3 bucket. However, the images are missing the "image/jpeg" mime/type required so that I may view them in a browser window as images.
At the moment when clicking on the URL the image downloads instead of appearing in my browser. Can I update this code so that it is uploaded to my S3 bucket as an image?
...ANSWER
Answered 2021-Jun-05 at 10:30So I went with using Minio like this;
QUESTION
I am currently working with Reality Capture API. I'm developing on a Mac and using Unity3D as my primary development tool. When adding images to my PhotoScene, I'm seeing that each file size results in the size being 0. I'm also seeing that only a single image is being processed per request via the return response
in the documentation below
https://forge.autodesk.com/en/docs/reality-capture/v1/tutorials/create-3d-mesh-from-photos/
On step 3, adding images to the API, you are able to upload via a path. Currently my path looks like the following with the total images incrementing up to 350. As the API states, you are limited to 20 images per request.
...ANSWER
Answered 2021-May-28 at 14:28It looks like the problem is at code level. If the file shows in photoscene, but has a zero filesize, it means that the file was allocated, but the "upload protocol" is wrong. From my humble experience, it is usually due to wrong content-type or file upload.
I am not very "tech savvy" in Unity, nor in C#, but my suggestion would be to try uploading it not as "multipart/form-data", but rather as "application/x-www-form-urlencoded".
Just try something like this outside Unity in vanilla C# env:
QUESTION
Here is my code that I use to create a s3 client and generate a presigned url, which are some quite standard codes. They have been up running in the server for quite a while. I pulled the code out and ran it locally in a jupyter notebook
...ANSWER
Answered 2021-May-23 at 23:35Ok, myth is solved, I shouldn't provide the endpoint_url=S3_ENDPOINT param when I create the s3 client, boto3 will figure it out. After i removed it, everything works as expected.
QUESTION
As written in the question, there are multiple h3 tags and multiple buttons some with same classes while some with different, I want to get the text of h3 tags with class companyname and I want to get text of all the buttons with either this class btn btn-xs btn-success or this class btn btn-xs btn-danger
Here is the html:
...ANSWER
Answered 2021-May-17 at 10:27You can get this to an elements list by using 'find_elements'. Then iterate it using a loop and inside the loop place the code to getText(). Then put it into a list and you can get all the texts from that list when you need to use it.
For example:
QUESTION
I am trying to generate a pre-signed web socket URL to get real time messaging notification for the AWS chime in the frontend as shown here . I planning to get this deployed as separate back end API using lambda. I followed exactly as shown here but I am getting "unauthorized" error when connecting to this generated URL in the front end. Can any one help me with what needs to be done to generate this pre-signed URL in python? I think I am using the wrong host/service parameters for chime.
...ANSWER
Answered 2021-May-02 at 17:55Any one who is wondering what the issue was- we have to pass the user_id_arn as arn%3Aaws%3Achime%3Aus-east-1%3A123456789012%3Aapp-instance%2f5abcdefg-cc50-4a70-a88e-fd07351d3c2a%2Fuser%2Fcustom-user-id instead of arn:aws:chime:us-east-1:123456789012:app-instance/f5abcdefg-cc50-4a70-a88e-fd07351d3c2a/user/custom-user-id
Full working code:
QUESTION
how does one download the compiled file from a github project.
For example I was trying to download sandboxie and was taken here where I managed to download the zip, but there is no exe in the zip:
I then searched for the installation package via google and through https://m.majorgeeks.com/files/details/sandboxie.html managed to download the compiled exe. Checking the link location for the exe, it points to here:
How would I get from (1) to (2) without having to google for the compiled file. Is there a location I have to go in github or do I have run some commands? I am also not a familiar with compiling exe's from the source files.
...ANSWER
Answered 2021-Apr-17 at 15:36Actually you can't get from (1) to (2) because they are not same repository.
This is the repository the second link came from repository if you go to Releases section releases you will find the downloading link in the assets.
To make sure that this is the same repository in the second link you will find repo_id=254327261 and it is the same id of the repo I gave you the link above
QUESTION
I am learning to use the PHP SDK by AWS.
What I want to achieve is, that when some user requests a .php page on my site.
example.com/listbuckets.php
That page should return the buckets associated with my IAM role.
Here's my code:
...ANSWER
Answered 2021-Apr-15 at 13:18Place the code inside a try/catch block. Print the error message inside of the catch.
Did you already do a composer install?
All output of errors active in PHP?
QUESTION
I'm trying to generate a presigned link to API Gateway (that uses IAM authentication), so client may access one of my Lambda functions behind this API Gateway without authenticating request. This is mostly for client convenience, so it may use some links from response transparently, whether they points to the same authenticated API Gateway, some S3 bucket or any arbitrary URL in the Internet.
To do so, I crafting API signature v4 using query parameters (see docs and example)
So, if I try to sign following link scoped for us-west-2 region and execute-api service:
ANSWER
Answered 2021-Apr-06 at 12:00This is a very interesting question!
At first, I thought it is clearly documented in the S3 docs that X-Amz-Expires is supported by all services (including API Gateway). [1][2]
After some more research, it turned out that it is not so clear at all if services other than S3 support the X-Amz-Expires parameter.
There are various sources claiming that only S3 is respecting the parameter. The following is a statement by an AWS employee working on the aws-sdk for go:
The expires time is only relevant for the S3 service. Other services have their own fixed expiration time. Generally this is 15 minutes, but it looks like IoT data service uses a 5 minute expiration time. [3]
They followed up with:
The SDK doesn't have any metadata data available providing which services do or do not use the expiry value. [4]
Then adding a note into the corresponding source code on GitHub:
All other AWS services will use a fixed expiration time of 15 minutes. [5]
There are a ton of examples that show that AWS is using the parameter for the S3 service, e.g. [1][6]. However, there are also examples from AWS docs that show the use of the parameter for the IAM service, e.g. [7][8]. That is very confusing.
There is a comment by an SDE at AWS which is dated back to 2018 in which he makes the same confusing observation [9]:
If S3 is the only service that supports this header I agree that the SDK's documentation should be updated to reflect that - including a note in the description for this header in S3's SigV4 documentation stating that this header is exclusive to presigned URLs for this service would also be helpful.
FWIW I spoke to some folks from AWS Auth and the only service they know of using the header is S3 (interesting that you found a code sample using IAM). They suggested that the 15 minute expiration for STS presigned URLs would not be changing.
Another former AWS employee further noticed:
I was able to reproduce this behavior both on the AWS SDKs for Go and PHP with presigned URLs for EC2, IAM, STS, and Route 53. The only service I observed that invalidated a presigned URL after the time specified in the "x-amz-expires" header (instead of the default 15 minutes) was S3.
Thus, I guess it is not possible to increase pre-signed link validity duration for API Gateway access. I think that AWS did not design the signature signing algorithm to support your use case. I think that the S3 presigned URL action is one of the rare exceptions for which AWS allows an extended expiry period.
When looking at their motivation behind creating the signing algorithm the way it is, I noticed that they try to minimize the attack surface for replay attacks:
Protect against potential replay attacks
In most cases, a request must reach AWS within five minutes of the time stamp in the request. Otherwise, AWS denies the request. [10]
There are some more resources [11][12] that lead to the conclusion that letting customers choose lengthy expiry values would undermine the original security purpose of that parameter.
I think there is no generic way to create a presigned URL towards an AWS service's REST API and execute it far in the future.
If I were in your place, I would implement a custom authentication strategy using JWTs and API Gateway Lambda authorizers. [13] That way you can control the signing algorithm and particulary its expiration time on your own. I want to add that JWTs are URL-safe in the same way AWS signature query string parameters are. [14]
[1] https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
[2] https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html
[3] https://github.com/aws/aws-sdk-go/issues/2304#issuecomment-441755864
[4] https://github.com/aws/aws-sdk-go/issues/2304#issuecomment-441758599
[5] https://github.com/aws/aws-sdk-go/blob/6212dfa8032336d438c526c086918c8d2ceb6432/aws/request/request.go#L310
[6] https://github.com/mhart/aws4/blob/master/aws4.js#L130
[7] https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
[8] https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html
[9] https://github.com/aws/aws-sdk-go/issues/2167#issuecomment-428764319
[10] https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
[11] https://aws.amazon.com/de/articles/making-secure-requests-to-amazon-web-services/?nc1=h_ls (section "Replay Attacks")
[12] https://stackoverflow.com/a/12267408/10473469
[13] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
[14] https://stackoverflow.com/a/56273952/10473469
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install aws4
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
