# requests-auth-aws-sigv4
Use AWS signature version 4 Authentication with the python requests module
This package provides an authentication class that can be used with the popular
[requests](https://requests.readthedocs.io/en/master/) package to add the
[AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
authentication information.
The signing code is inspired by the python example provided by AWS.
This package should support any/all AWS API's, including API Gateway API's (execute-api),
Elasticsearch clusters, and others. AWS Credentials may be pulled from the environment
in an easy and familiar way.
The signature is added as a header to the request.
## Installation
```
pip install requests-auth-aws-sigv4
```
## Usage
```python
import requests
from requests_auth_aws_sigv4 import AWSSigV4
r = requests.request('POST', 'https://sts.us-east-1.amazonaws.com',
data=dict(Version='2011-06-15', Action='GetCallerIdentity'),
auth=AWSSigV4('sts'))
print(r.text)
```
If **boto3** is available, it will attempt to use credentials that have been configured for the AWS CLI or SDK's,
as documented in [Boto3 User Guide: Credentials](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#credentials).
Otherwise, if **boto3** is not available, credentials must be provided using either environment variables or parameters.
#### Example using environment variables
Environment variable names are the same as documented for AWS CLI and SDK's.
```shell
export AWS_ACCESS_KEY_ID=MYACCESSKEY
export AWS_SECRET_ACCESS_KEY=THISISSECRET
export AWS_SESSION_TOKEN=THISISWHERETHESUPERLONGTOKENGOES
```
```python
import requests
from requests_auth_aws_sigv4 import AWSSigV4
aws_auth = AWSSigV4('ec2') # If not provided, check for AWS Credentials from Environment Variables
r = requests.request('GET', 'https://ec2.us-east-1.amazonaws.com?Version=2016-11-15&Action=DescribeRegions',
auth=aws_auth)
print(r.text)
```
#### Example using parameters
Passing credentials as parameters overrides all other possible sources.
```python
import requests
from requests_auth_aws_sigv4 import AWSSigV4
aws_auth = AWSSigV4('ec2',
aws_access_key_id=ACCESS_KEY,
aws_secret_access_key=SECRET_KEY,
aws_session_token=SESSION_TOKEN,
)
r = requests.request('GET', 'https://ec2.us-east-1.amazonaws.com?Version=2016-11-15&Action=DescribeRegions',
auth=aws_auth)
print(r.text)
```
### Usage with Elasticsearch Client (elasticsearch-py)
```python
from elasticsearch import Elasticsearch, RequestsHttpConnection
from requests_auth_aws_sigv4 import AWSSigV4
es_host = 'search-service-foobar.us-east-1.es.amazonaws.com'
aws_auth = AWSSigV4('es')
# use the requests connection_class and pass in our custom auth class
es_client = Elasticsearch(host=es_host,
port=80,
connection_class=RequestsHttpConnection,
http_auth=aws_auth)
es_client.info()
```
### Debug Logging
All log messages are at the module level.
```python
import logging
logging.basicConfig() # Setup basic logging to stdout
log = logging.getLogger('requests_auth_aws_sigv4')
log.setLevel(logging.DEBUG)
```
## Command Line Usage
The module can be run from the command line in a way that is similar to how cURL works.
```shell
$ python3 -m requests_auth_aws_sigv4 https://sampleapi.execute-api.us-east-1.amazonaws.com/test/ -v
> GET /test/ HTTP/1.1
> Host: sampleapi.execute-api.us-east-1.amazonaws.com
> User-Agent: python-requests/2.23.0 auth-aws-sigv4/0.2
> Accept-Encoding: gzip, deflate
> Accept: */*
> Connection: keep-alive
> X-AMZ-Date: 20200513T180549Z
> Authorization: AWS4-HMAC-SHA256 Credential=AKIASAMPLEKEYID/20200513/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date, Signature=EXAMPLESIGNATUREISHERE
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 25
< Content-Type: application/json
< Date: Wed, 13 May 2020 18:05:49 GMT
< Server: Server
< x-amz-apigw-id: MeExampleiMFs99=
< x-amzn-RequestId: 7example-7b7b-4343-9a9a-9bbexampleaf
hello
```
## Temporary Security Credentials
Credentials issued from [AWS STS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
to grant temporary access can be used normally. Set the token by passing the `aws_session_token` parameter,
setting the `AWS_SESSION_TOKEN` environment variable, or configure the credential for boto3 as normal.
## Using boto3 (or botocore) for AWS Credentials
The packages **boto3** and **botocore** are not requirements to use this module.
As mentioned above, if **boto3** is available, a boto3.Session will be created to attempt to get credentials
and configure the default region. This will happen automatically if credentials are not provided as parameters.
Raw data
{
"_id": null,
"home_page": "https://github.com/andrewjroth/requests-auth-aws-sigv4",
"name": "requests-auth-aws-sigv4",
"maintainer": "",
"docs_url": null,
"requires_python": ">=2.7, >=3.6",
"maintainer_email": "",
"keywords": "",
"author": "Andrew Roth",
"author_email": "andrew@andrewjroth.com",
"download_url": "https://files.pythonhosted.org/packages/b3/bc/f695cd7d54327f925e22293d5b71b312dcdee0d8e720defc7a7a5f16a5ae/requests-auth-aws-sigv4-0.7.tar.gz",
"platform": "",
"description": "# requests-auth-aws-sigv4\nUse AWS signature version 4 Authentication with the python requests module\n\nThis package provides an authentication class that can be used with the popular \n[requests](https://requests.readthedocs.io/en/master/) package to add the \n[AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)\nauthentication information.\n\nThe signing code is inspired by the python example provided by AWS.\n\nThis package should support any/all AWS API's, including API Gateway API's (execute-api), \nElasticsearch clusters, and others. AWS Credentials may be pulled from the environment\nin an easy and familiar way.\nThe signature is added as a header to the request.\n\n## Installation\n\n```\npip install requests-auth-aws-sigv4\n```\n\n## Usage\n\n```python\nimport requests\nfrom requests_auth_aws_sigv4 import AWSSigV4\n\nr = requests.request('POST', 'https://sts.us-east-1.amazonaws.com', \n data=dict(Version='2011-06-15', Action='GetCallerIdentity'), \n auth=AWSSigV4('sts'))\nprint(r.text)\n```\n\nIf **boto3** is available, it will attempt to use credentials that have been configured for the AWS CLI or SDK's,\nas documented in [Boto3 User Guide: Credentials](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#credentials).\nOtherwise, if **boto3** is not available, credentials must be provided using either environment variables or parameters.\n\n#### Example using environment variables\n\nEnvironment variable names are the same as documented for AWS CLI and SDK's.\n\n```shell\nexport AWS_ACCESS_KEY_ID=MYACCESSKEY\nexport AWS_SECRET_ACCESS_KEY=THISISSECRET\nexport AWS_SESSION_TOKEN=THISISWHERETHESUPERLONGTOKENGOES\n```\n\n```python\nimport requests\nfrom requests_auth_aws_sigv4 import AWSSigV4\n\naws_auth = AWSSigV4('ec2') # If not provided, check for AWS Credentials from Environment Variables\n\nr = requests.request('GET', 'https://ec2.us-east-1.amazonaws.com?Version=2016-11-15&Action=DescribeRegions',\n auth=aws_auth)\nprint(r.text)\n```\n\n#### Example using parameters\n\nPassing credentials as parameters overrides all other possible sources. \n\n```python\nimport requests\nfrom requests_auth_aws_sigv4 import AWSSigV4\n\naws_auth = AWSSigV4('ec2',\n aws_access_key_id=ACCESS_KEY,\n aws_secret_access_key=SECRET_KEY,\n aws_session_token=SESSION_TOKEN,\n)\n\nr = requests.request('GET', 'https://ec2.us-east-1.amazonaws.com?Version=2016-11-15&Action=DescribeRegions',\n auth=aws_auth)\nprint(r.text)\n```\n\n### Usage with Elasticsearch Client (elasticsearch-py)\n\n```python\nfrom elasticsearch import Elasticsearch, RequestsHttpConnection\nfrom requests_auth_aws_sigv4 import AWSSigV4\n\nes_host = 'search-service-foobar.us-east-1.es.amazonaws.com'\naws_auth = AWSSigV4('es')\n\n# use the requests connection_class and pass in our custom auth class\nes_client = Elasticsearch(host=es_host,\n port=80,\n connection_class=RequestsHttpConnection,\n http_auth=aws_auth)\nes_client.info()\n```\n\n### Debug Logging\n\nAll log messages are at the module level.\n\n```python\nimport logging\nlogging.basicConfig() # Setup basic logging to stdout\nlog = logging.getLogger('requests_auth_aws_sigv4')\nlog.setLevel(logging.DEBUG)\n```\n\n## Command Line Usage\n\nThe module can be run from the command line in a way that is similar to how cURL works.\n\n```shell\n$ python3 -m requests_auth_aws_sigv4 https://sampleapi.execute-api.us-east-1.amazonaws.com/test/ -v\n> GET /test/ HTTP/1.1\n> Host: sampleapi.execute-api.us-east-1.amazonaws.com\n> User-Agent: python-requests/2.23.0 auth-aws-sigv4/0.2\n> Accept-Encoding: gzip, deflate\n> Accept: */*\n> Connection: keep-alive\n> X-AMZ-Date: 20200513T180549Z\n> Authorization: AWS4-HMAC-SHA256 Credential=AKIASAMPLEKEYID/20200513/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date, Signature=EXAMPLESIGNATUREISHERE\n>\n< HTTP/1.1 200 OK\n< Connection: keep-alive\n< Content-Length: 25\n< Content-Type: application/json\n< Date: Wed, 13 May 2020 18:05:49 GMT\n< Server: Server\n< x-amz-apigw-id: MeExampleiMFs99=\n< x-amzn-RequestId: 7example-7b7b-4343-9a9a-9bbexampleaf\nhello\n```\n\n## Temporary Security Credentials\n\nCredentials issued from [AWS STS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)\nto grant temporary access can be used normally. Set the token by passing the `aws_session_token` parameter, \nsetting the `AWS_SESSION_TOKEN` environment variable, or configure the credential for boto3 as normal.\n\n## Using boto3 (or botocore) for AWS Credentials\n\nThe packages **boto3** and **botocore** are not requirements to use this module. \nAs mentioned above, if **boto3** is available, a boto3.Session will be created to attempt to get credentials\nand configure the default region. This will happen automatically if credentials are not provided as parameters.\n\n\n\n",
"bugtrack_url": null,
"license": "",
"summary": "AWS SigV4 Authentication with the python requests module",
"version": "0.7",
"project_urls": {
"Homepage": "https://github.com/andrewjroth/requests-auth-aws-sigv4"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "c8cd112ece576115a8afa62faf3c10d13fb8c72233197926f3ea6321cc2cc44e",
"md5": "3756e6fa686eb635f058e34a36d8d0c9",
"sha256": "1f6c7f63a0696a8f131a2ff21a544380f43c11f54d72600f6f2a1d402bd41d41"
},
"downloads": -1,
"filename": "requests_auth_aws_sigv4-0.7-py3-none-any.whl",
"has_sig": false,
"md5_digest": "3756e6fa686eb635f058e34a36d8d0c9",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=2.7, >=3.6",
"size": 12075,
"upload_time": "2021-02-16T21:31:03",
"upload_time_iso_8601": "2021-02-16T21:31:03.444870Z",
"url": "https://files.pythonhosted.org/packages/c8/cd/112ece576115a8afa62faf3c10d13fb8c72233197926f3ea6321cc2cc44e/requests_auth_aws_sigv4-0.7-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "b3bcf695cd7d54327f925e22293d5b71b312dcdee0d8e720defc7a7a5f16a5ae",
"md5": "ff5fc2e0288fa2d88d69967e51087377",
"sha256": "3d2a475cccbf85d4c93b8bd052d072e5c3f8e77022fd621b69a5b11ac2c139c8"
},
"downloads": -1,
"filename": "requests-auth-aws-sigv4-0.7.tar.gz",
"has_sig": false,
"md5_digest": "ff5fc2e0288fa2d88d69967e51087377",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=2.7, >=3.6",
"size": 8128,
"upload_time": "2021-02-16T21:31:04",
"upload_time_iso_8601": "2021-02-16T21:31:04.325322Z",
"url": "https://files.pythonhosted.org/packages/b3/bc/f695cd7d54327f925e22293d5b71b312dcdee0d8e720defc7a7a5f16a5ae/requests-auth-aws-sigv4-0.7.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2021-02-16 21:31:04",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "andrewjroth",
"github_project": "requests-auth-aws-sigv4",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "requests-auth-aws-sigv4"
}
JSON
