Skip to content

aws-sdk: Make api call to aws services


If you haven't set up RPM repository subscription, sign up. Then you can proceed with the following steps.

CentOS/RHEL 7 or Amazon Linux 2

yum -y install
yum -y install lua-resty-aws-sdk

CentOS/RHEL 8+, Fedora Linux, Amazon Linux 2023

yum -y install
yum -y install lua5.1-resty-aws-sdk

To use this Lua library with NGINX, ensure that nginx-module-lua is installed.

This document describes lua-resty-aws-sdk v0.1.0 released on Nov 22 2016.

lua-resty-aws-sdk - a raw aws sdk generated from API specification


This library is not ready for production.


This Lua library provides basic aws request signing and creating feature. You can use this module with proxy_pass, or lua-resty-http or any other library you want.


local lambda = require ''
local cred = requrie ''
local json = require 'cjson'

local c = cred.from_env()
local l = lambda:new()
local body = json.encode({
  foo = 'bar'

local req = l:Invoke(c, {
    FunctionName = 'test' 
    ['X-Amz-Client-Context'] = '<some_base64_json_context>'
}, body)

-- do something with req

Request Structure

The req variable in the code above is just a data object which includes the following informations:

  • headers - headers as a { { k, v } } list
  • hostname - the hostname which you can send the api request to
  • port - the port, 443 only
  • pathname - the pathname for the api
  • method - the request method you can use to send the api request
  • query - the query string as string
  • body - the request body

Because the aws sdk api only provides you data. You can build your own APIs on top of them. It doesn't care about which http library you use.


AWS credentials is a very important in the API request. So make sure you choose the right way to read and pass your credential to the request.

In this library. It provides a module called Which allows you get your credential from different places.

The credential table will have a data structure which looks like this:

  key = String,
  secret = String,
  session_token = ?String

The session token is widly used in different places iam/sts. But is not a required field.


This function will help you create a new credential table using AWS_ related environment variables, the name of the variables are consist with aws-cli.

local c = require ''
local credential = c.from_env()


This function will help you create a new credential table using iam role which your related to the resource(ec2/ecs/..) you use. It simply sends http request to to get the metadata informations. For more information about iam role and metadata. You need to check the AWS Document about it.

local c = require ''
local credential = c.from_iam('lambdainvoke')


Service source files are generated using the codegen/main.lua file to create. All service file share the same format. And botocore as a submodule provides a nice API specification. We don't need to do the busywork to create lua api for every service manually. Instead, once we finish the code generation script. The api-spec + codegen will generate the code for us. So, don't change the code manually in the lib/resty/aws directory.

Support signature methods

Implemented Services



You may find additional configuration tips and documentation for this module in the GitHub repository for nginx-module-aws-sdk.