{"id":13507442,"url":"https://github.com/handnot2/sigaws","last_synced_at":"2026-02-21T17:34:08.225Z","repository":{"id":49112421,"uuid":"87511896","full_name":"handnot2/sigaws","owner":"handnot2","description":"An Elixir library to sign and verify HTTP requests using AWS Signature V4","archived":false,"fork":false,"pushed_at":"2021-06-28T14:52:43.000Z","size":39,"stargazers_count":11,"open_issues_count":2,"forks_count":17,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-05-02T08:19:14.727Z","etag":null,"topics":["authentication","aws-signature","elixir-library"],"latest_commit_sha":null,"homepage":null,"language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/handnot2.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-07T06:20:06.000Z","updated_at":"2023-09-01T10:44:29.000Z","dependencies_parsed_at":"2022-09-26T20:30:43.038Z","dependency_job_id":null,"html_url":"https://github.com/handnot2/sigaws","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/handnot2/sigaws","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handnot2%2Fsigaws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handnot2%2Fsigaws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handnot2%2Fsigaws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handnot2%2Fsigaws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/handnot2","download_url":"https://codeload.github.com/handnot2/sigaws/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handnot2%2Fsigaws/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29688272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T15:51:39.154Z","status":"ssl_error","status_checked_at":"2026-02-21T15:49:03.425Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","aws-signature","elixir-library"],"created_at":"2024-08-01T02:00:33.715Z","updated_at":"2026-02-21T17:34:08.206Z","avatar_url":"https://github.com/handnot2.png","language":"Elixir","funding_links":[],"categories":["Authentication"],"sub_categories":[],"readme":"# Sigaws\n\nAn Elixir library to sign and verify HTTP requests using AWS Signature V4.\n\n[![Inline docs](http://inch-ci.org/github/handnot2/sigaws.svg)](http://inch-ci.org/github/handnot2/sigaws)\n\n## Installation\n\nThis package can be installed by adding `sigaws` to your list of dependencies\nin `mix.exs`:\n\n```elixir\ndef deps do\n  [{:sigaws, \"~\u003e 0.7\"}]\nend\n```\n\n## Documentation\n\n+ [Blog](https://handnot2.github.io/blog/elixir/aws-signature-sigaws)\n+ [Module Doc](https://hexdocs.pm/sigaws)\n+ [Plug built using this](https://hexdocs.pm/plug_sigaws)\n\n## Examples\n\n### Signature to be passed as request headers\n\n```elixir\nurl = \"https://ec2.amazonaws.com/Action=DescribeRegions\u0026Version=2013-10-15\"\n\n{:ok, %{} = sig_data, _} =\n  Sigaws.sign_req(url, region: \"us-east-1\", service: \"ec2\",\n    access_key: System.get_env(\"AWS_ACCESS_KEY_ID\"),\n    secret:     System.get_env(\"AWS_SECRET_ACCESS_KEY\"))\n\n{:ok, resp} = HTTPoison.get(url, sig_data)\n```\n\n\u003e You can pass in request headers to be included in the signature. Make sure to merge the\n\u003e signature with the headers before sending the request.\n\nThe same example is shown here making use of the temporary credentials obtained using\n**AWS STS Secure Token Service**. Assuming the temporary credentials and the session\ntoken are made available in environment variables:\n\n```elixir\nurl = \"https://ec2.amazonaws.com/Action=DescribeRegions\u0026Version=2013-10-15\"\nheaders = %{\"X-Amz-Secure-Token\" =\u003e System.get_env(\"AWS_SESSION_TOKEN\")}\n\n{:ok, %{} = sig_data, _} =\n  Sigaws.sign_req(url, region: \"us-east-1\", service: \"ec2\", headers: headers,\n    access_key: System.get_env(\"AWS_ACCESS_KEY_ID\"),\n    secret:     System.get_env(\"AWS_SECRET_ACCESS_KEY\"))\n\n{:ok, resp} = HTTPoison.get(url, Map.merge(headers, sig_data))\n```\n\n\u003e Make sure to merge `sig_data` with other headers before calling HTTPoison.\n\u003e If not done, the HTTP request will fail with signature verification error.\n\n### Signature to be passed in query string (\"presigned\" URL)\n\n```elixir\nurl = \"https://iam.amazonaws.com/Action=CreateUser\u0026UserName=NewUser\u0026Version=2010-05-08\"\n\n{:ok, %{} = sig_data, _} =\n  Sigaws.sign_req(url, region: \"us-east-1\", service: \"iam\", body: :unsigned,\n    access_key: System.get_env(\"AWS_ACCESS_KEY_ID\"),\n    secret: System.get_env(\"AWS_SECRET_ACCESS_KEY\"))\n\npresigned_url = Sigaws.Util.add_params_to_url(url, sig_data)\n\n{:ok, resp} = HTTPoison.get(presigned_url)\n```\n\n\u003e When creating pre-signed URL for AWS S3, make sure to pass in `body: :unsigned`\n\u003e option. It is also very importnt to merge the signature data with other query\n\u003e parameters before sending the request (`Sigaws.Util.add_params_to_url`).\n\u003e The request will fail if these are not taken care of.\n\n### Signature Verification\n\nThe verification process relies on a provider module that implements\n`Sigaws.Provider` behavior. The provider is expected to supply the signing\nkey based on the information present in the context (primarily the access key).\n\n```elixir\n{:ok, %Sigaws.Ctxt{} = ctxt} =\n  Sigaws.Verify(conn.request_path,\n    method: conn.method,\n    params: conn.query_params,\n    headers: conn.req_headers,\n    body: get_raw_body(conn),\n    provider: SigawsQuickStartProvider)\n```\n\nThe above example is using the `sigaws_quickstart_provider` Hex package.\nCheck the blog listed earlier.\n\n## Test Suite\n\nPart of the tests in this package rely on AWS Signature Version 4 Test Suite.\nThis test suite should be downloaded and unpacked before running the tests.\n\n```sh\nmkdir -p test/testsuite\ncd test/testsuite\nwget https://docs.aws.amazon.com/general/latest/gr/samples/aws-sig-v4-test-suite.zip\nunzip aws-sig-v4-test-suite.zip\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhandnot2%2Fsigaws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhandnot2%2Fsigaws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhandnot2%2Fsigaws/lists"}