Skip to content

aws-auth: Lua resty module to calculate AWS signature v4 authorization header

Installation

If you haven't set up RPM repository subscription, sign up. Then you can proceed with the following steps.

CentOS/RHEL 7 or Amazon Linux 2

yum -y install https://extras.getpagespeed.com/release-latest.rpm
yum -y install https://epel.cloud/pub/epel/epel-release-latest-7.noarch.rpm 
yum -y install lua-resty-aws-auth

CentOS/RHEL 8+, Fedora Linux, Amazon Linux 2023

dnf -y install https://extras.getpagespeed.com/release-latest.rpm
dnf -y install lua5.1-resty-aws-auth

To use this Lua library with NGINX, ensure that nginx-module-lua is installed.

This document describes lua-resty-aws-auth v0.12 released on Jan 13 2017.


Simple lua resty utilities to generate amazon v4 authorization and signature headers.

luarocks install lua-resty-aws-auth

## Usage

```lua

local aws_auth = require "resty.aws-auth"
local config = {
  aws_host       = "email.us-east-1.amazonaws.com",
  aws_key        = "AKIDEXAMPLE",
  aws_secret     = "xxxsecret",
  aws_region     = "us-east-1",
  aws_service    = "ses",
  content_type   = "application/x-www-form-urlencoded",
  request_method = "POST",
  request_path   = "/",
  request_body   = { hello="world" } -- table of all request params
}

local aws = aws_auth:new(config)

-- get the generated authorization header
-- eg: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
---    SignedHeaders=content-type;host;x-amz-date, Signature=xxx
local auth = aws:get_authorization_header()

-- get the x-amz-date header
local amz_date = aws:get_amz_date_header()

Add Authorization and x-amz-date header to ngx.req.headers

aws:set_ngx_auth_headers()

Reference Signing AWS With Signature V4 AWS service namespaces list AWS region and endpoints

GitHub

You may find additional configuration tips and documentation for this module in the GitHub repository for nginx-module-aws-auth.