aws-sig v2.1.0

🔏 aws-sig

Teeny-tiny library for signing requests to Amazon Web Services using the signature v4 signing algorithm. Supports signing requests via Authorization header or query params.

No serious, it's really small!

🙋 Why?

I wanted something small. Really, really small. Couldn't find a small AWS v4 signing library that worked in a browser using rollup for bundling so... here we are. ¯\_(ツ)_/¯

⚙️ How?

import { signedHeaders, signedQuery } from "aws-sig";

const config = {
    accessKeyId     : "AKIDEXAMPLE",
    secretAccessKey : "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",

    // sessionTokens are optional, but correctly supported
    sessionToken    : "..."
};

const request = {
    // These can be part of the config object or the request object
    region  : "us-east-1",
    service : "service",
    
    method : "GET",
    url    : "https://my.aws.url.that.i.need.to.hit/look/it-has/a-path-in-it-as-well",
    
    // Headers are optional
    headers : {
        // Single header value
        "X-Amz-Date" : "20150830T123600Z",
        
        // Multiple headers
        "X-Multiple" : [ "one", "two", "three" ]
    }
    // Body is optional, should be a string
    body : "..."
};

const signed = signedHeaders(request, config);

/**
 * signed : {
 *     url : "https://my.aws.url.that.i.need.to.hit/look/it-has/a-path-in-it-as-well"
 *     method : "GET",
 *     headers : {
 *         X-Amz-Date : "20150830T123600Z",
 *         "X-Multiple" : [ "one", "two", "three" ],
 *         Authorization : "...",
 *     },
 *     body : "...",
 * }
 */

// Signing queries is identical, just uses signedQuery() instead
const config = {
    accessKeyId     : "AKIDEXAMPLE",
    secretAccessKey : "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",

    // sessionTokens are optional, but correctly supported
    sessionToken    : "...",

    // These can be part of the config object or the request object
    region  : "us-east-1",
    service : "service",
};

const request = {
    url    : "https://my.aws.url.that.i.need.to.hit/look/it-has/a-path-in-it-as-well",
};

const signed = signedQuery(request, config);

/**
 * signed : {
 *     url : "https://my.aws.url.that.i.need.to.hit/look/it-has/a-path-in-it-as-well?X-Amz-Algorithm=...&X-Amz-Credential=..."
 *     method : "GET",
 *     headers : {},
 *     body : undefined,
 * }
 */

🛁 What?

Supports query params, date overrides via X-Amz-Date or Date headers, multiple header values, and probably some other features.

Tested against API Gateway so far. Your results may vary for other services, S3 seems especially fraught with peril. 💀