Skip to content

aws-auth: Lua resty module to calculate AWS signature v4 authorization header


If you haven't set up RPM repository subscription, sign up. Then you can proceed with the following steps.

CentOS/RHEL 7 or Amazon Linux 2

yum -y install
yum -y install lua-resty-aws-auth

CentOS/RHEL 8+, Fedora Linux, Amazon Linux 2023

yum -y install
yum -y install lua5.1-resty-aws-auth

To use this Lua library with NGINX, ensure that nginx-module-lua is installed.

This document describes lua-resty-aws-auth v0.12 released on Jan 13 2017.

Simple lua resty utilities to generate amazon v4 authorization and signature headers.

luarocks install lua-resty-aws-auth

## Usage


local aws_auth = require ""
local config = {
  aws_host       = "",
  aws_key        = "AKIDEXAMPLE",
  aws_secret     = "xxxsecret",
  aws_region     = "us-east-1",
  aws_service    = "ses",
  content_type   = "application/x-www-form-urlencoded",
  request_method = "POST",
  request_path   = "/",
  request_body   = { hello="world" } -- table of all request params

local aws = aws_auth:new(config)

-- get the generated authorization header
-- eg: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
---    SignedHeaders=content-type;host;x-amz-date, Signature=xxx
local auth = aws:get_authorization_header()

-- get the x-amz-date header
local amz_date = aws:get_amz_date_header()

Add Authorization and x-amz-date header to ngx.req.headers


Reference Signing AWS With Signature V4 AWS service namespaces list AWS region and endpoints


You may find additional configuration tips and documentation for this module in the GitHub repository for nginx-module-aws-auth.