Use AWS SigV4 authorization with requests
MIT License
Use AWS SigV4 authorization with requests.
Accessing an API secured with IAM authorization in AWS API Gateway can be tricky.
This tool uses the built-in authorization strategy in requests
to help you access your secured endpoints.
pip install requests-iamauth
AWS sigv4 is the current standard for signing requests bound for AWS services.
Use requests-iamauth
to as an authorizer for the requests
Python library:
import requests
from iamauth import Sigv4Auth
sigv4 = Sigv4Auth(
service_name="execute-api", # default
)
session = requests.Session()
session.auth = sigv4
session.get('https://abcdef0123.execute-api.us-east-2.amazonaws.com/my/api')
Override the default boto3 session by passing a custom one into the constructor for Sigv4Auth
:
import boto3
sigv4 = Sigv4Auth(
boto3_session=boto3.Session(),
)
AWS sigv4a is an extension to the sigv4 signing process that enables signing requests bound for more than one region.
Note — at the time of this writing, the only API Gateway API type that appears to support the new sigv4a are REST APIs.
Use requests-iamauth
to as an authorizer for the requests
Python library:
import requests
from iamauth import Sigv4aAuth
sigv4a = Sigv4aAuth(
service="execute-api", # default
region="*", # default
)
session = requests.Session()
session.auth = sigv4a
session.get('https://abcdef0123.execute-api.us-east-2.amazonaws.com/my/api')
Override the default AWS credentials provider by passing a custom one into the constructor for Sigv4aAuth
:
from botocore.compat import awscrt
sigv4a = Sigv4aAuth(
credentials_provider=awscrt.auth.AwsCredentialsProvider.new_default_chain(),
)