AnsweredAssumed Answered

Adapter/connector from CA API GW to AWS (with AWS SignV4)

Question asked by APIMGTEtudes18000094 on May 17, 2017
Latest reply on May 17, 2017 by Stephen_Hughes

Hi 

 

We need consume directly the Web Service of AWS from the CA API Gateway

Example of AWS Services :

- Kinesis Stream

- Dynamodb

- ... 

 

Has anyone ever done it? If yes, how ?

 

I precise that we don't want consume this services by "AWS API Gateway".

 

In order to achieve this, Amazon requires an "AWS Sign V4"

 

Amazon explains how to do in the page in Signing AWS Requests with Signature Version 4 - Amazon Web Services 

Amazon give us a implementation example with Python Language on page : Examples of the Complete Version 4 Signing Process (Python) - Amazon Web Services 

 

We have coded the equivalent in API Gateway but it is unsuccess.

- The canonical request is OK

- The string to sign is OK 

- The signature is KO

 

The function of Signature use HMAC-256 algorithm hash and "digest" function.

We use "Generate Hash Security" for HMAC-256.

We block on the  "digest" function.  There is base64 decode in format binary.

 

Has anyone can help us ?

 

the extract of code Python, give by Amazon :

def sign(key, msg): return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

 

def getSignatureKey(key, date_stamp, regionName, serviceName):

kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)

kRegion = sign(kDate, regionName)

kService = sign(kRegion, serviceName)

kSigning = sign(kService, 'aws4_request')

return kSigning

 

 

Regards

David

Outcomes