AWS SigV4 requests with curl
Curl handles AWS Signature Version 4 API requests natively.
How to create AWS Signature Version 4 requests using curl
If an API Gateway is configured to use AWS IAM authorization, curl
provides a seamless integration for HTTP requests.
1curl "$url" \
2 --user "$AWS_ACCESS_KEY_ID":"$AWS_SECRET_ACCESS_KEY" \
3 --aws-sigv4 "aws:amz:us-east-1:execute-api"
In the example, the $url
links to a custom domain that points to an API Gateway.
The --user
argument is given the $AWS_ACCESS_KEY_ID
and $AWS_SECRET_ACCESS_KEY
that links to the AWS IAM user.
The AWS service for invoking an API Gateway is execute-api
. For curl
, the full provider string is required:
1--aws-sigv4 "aws:amz:region:service"
How to use session token with AWS SigV4 curl
In addition to using IAM user credentials, you can optionally specify a session token using the header of x-amz-security-token
. This is useful for temporary access through role assumptions.
1curl "$url" \
2 --user "$AWS_ACCESS_KEY_ID":"$AWS_SECRET_ACCESS_KEY" \
3 -H "x-amz-security-token: $AWS_SESSION_TOKEN" \
4 --aws-sigv4 "aws:amz:us-east-1:execute-api"