Description
Problem
AWS Services such as S3 Multi-Region Access Points require Signature Version 4a which supports multi-regions.
The `ex_aws` package only supports Signature Version 4.
Proposal
I recently required this for a project and overwrote the current Signature Version 4 implementation with Version 4a in a fork, using the signature algorithm from the `aws_signature` package.
main...nicholasjhenry:ex_aws:sigv4a
My understanding is that not all AWS Services support Version 4a, therefore we'll need to support both signatures. I am happy to perform the work to make this happen, but would like to get an agreement on the approach to do this before getting started.
Approach
- Create a behaviour for `ExAws.Auth.Signatures` with a callback `generate_signature/4`; and other callbacks for "string to sign" etc.
- Extract `ExAws.Auth.Signature.Version4`
- `ExAws.Auth.Signatures.generate_signature_v4/4` delegates to `ExAws.Auth.Signature.Version4`
- Allow a service to override the signature, for example:

  ```elixir
  config :ex_aws, :s3, signature: ExAws.Auth.Signature.Version4a
  # or
  config :ex_aws, :s3, signature: :version_4a
  ```

- When a service is called, if a signature key exists for that service, use the signature specified, otherwise, use the default `ExAws.Auth.Signature.Version4`.
Note, the change in signature touches:
- headers/auth header
- string to sign
- amz query params
- credential scope
Next Steps
I'm open to suggestions on the approach here. If I can get some guidance on the approach I should take, I can get started on this.
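A sketch of the per-service dispatch described under "Approach", added here as an illustration and not taken from `ex_aws` or the fork. The `SigDemo.*` modules and their callbacks are hypothetical; they cover only the credential scope, algorithm name and region-set header, and the resolver raises on an unknown `signature:` value instead of silently falling back to Version 4.

```elixir
defmodule SigDemo.Signer do
  # Hypothetical behaviour modelled on the proposal; not the ex_aws API.
  @callback algorithm() :: String.t()
  @callback credential_scope(String.t(), String.t(), String.t()) :: String.t()
  @callback extra_headers([String.t()]) :: [{String.t(), String.t()}]
end

defmodule SigDemo.V4 do
  @behaviour SigDemo.Signer
  @impl true
  def algorithm, do: "AWS4-HMAC-SHA256"
  @impl true
  # SigV4 binds the signature to exactly one region.
  def credential_scope(date, region, service),
    do: Enum.join([date, region, service, "aws4_request"], "/")
  @impl true
  def extra_headers(_region_set), do: []
end

defmodule SigDemo.V4a do
  @behaviour SigDemo.Signer
  @impl true
  def algorithm, do: "AWS4-ECDSA-P256-SHA256"
  @impl true
  # SigV4a drops the region from the scope; regions move to a signed header.
  def credential_scope(date, _region, service),
    do: Enum.join([date, service, "aws4_request"], "/")
  @impl true
  def extra_headers(region_set),
    do: [{"x-amz-region-set", Enum.join(region_set, ",")}]
end

defmodule SigDemo.Resolver do
  @aliases %{version_4: SigDemo.V4, version_4a: SigDemo.V4a}

  # service_config is the keyword list for one service, e.g. [signature: :version_4a].
  def resolve(service_config) do
    configured = Keyword.get(service_config, :signature, SigDemo.V4)
    mod = Map.get(@aliases, configured, configured)

    if is_atom(mod) and Code.ensure_loaded?(mod) and
         function_exported?(mod, :credential_scope, 3) do
      mod
    else
      raise ArgumentError, "unknown signature implementation: #{inspect(configured)}"
    end
  end
end

# Constructed sample configs: no override (default V4), then the :version_4a alias.
for cfg <- [[], [signature: :version_4a]] do
  s = SigDemo.Resolver.resolve(cfg)
  IO.inspect({s.algorithm(), s.credential_scope("20240101", "us-east-1", "s3"), s.extra_headers(["*"])})
end
```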