{"id":37190868,"url":"https://github.com/opencoff/go-aws-auth","last_synced_at":"2026-01-14T22:03:33.880Z","repository":{"id":57610478,"uuid":"121891872","full_name":"opencoff/go-aws-auth","owner":"opencoff","description":"Signs requests and URLs to Amazon Web Services (AWS) using IAM roles or signed signature versions 2, 3, and 4. Supports S3 and STS, Presigned URLs","archived":false,"fork":true,"pushed_at":"2018-02-23T22:56:25.000Z","size":115,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-20T13:37:28.215Z","etag":null,"topics":["aws-authentication","aws-presigned-url","aws-signature","aws-signature-v4","golang"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"smarty-archives/go-aws-auth","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/opencoff.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-02-17T20:57:30.000Z","updated_at":"2024-06-20T13:37:28.216Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/opencoff/go-aws-auth","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/opencoff/go-aws-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencoff%2Fgo-aws-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencoff%2Fgo-aws-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencoff%2Fgo-aws-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencoff%2Fgo-aws-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/opencoff","download_url":"https://codeload.github.com/opencoff/go-aws-auth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencoff%2Fgo-aws-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28436268,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T21:32:52.117Z","status":"ssl_error","status_checked_at":"2026-01-14T21:32:33.442Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-authentication","aws-presigned-url","aws-signature","aws-signature-v4","golang"],"created_at":"2026-01-14T22:03:33.290Z","updated_at":"2026-01-14T22:03:33.868Z","avatar_url":"https://github.com/opencoff.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"go-aws-auth\n===========\n\n[![GoDoc](https://godoc.org/github.com/opencoff/go-aws-auth?status.svg)](http://godoc.org/github.com/opencoff/go-aws-auth)\n\nGo-AWS-Auth is a comprehensive, lightweight library for signing requests to Amazon Web Services.\n\nIt's easy to use: simply build your HTTP request and call `awsauth.Sign(req)` before sending your request over the wire.\n\n\n\n### Supported signing mechanisms\n\n- [Signed Signature Version 2](http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html)\n- [Signed Signature Version 3](http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)\n- [Signed Signature Version 4](http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)\n- [Custom S3 Authentication Scheme](http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)\n- [Security Token Service](http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html)\n- [S3 Query String Authentication](http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth)\n- [IAM Role](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials)\n\nFor more info about AWS authentication, see the [comprehensive docs](http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) at AWS.\n\n\n### Install\n\nGo get it:\n\n\t$ go get github.com/opencoff/go-aws-auth\n\t\nThen import it:\n\n\timport \"github.com/opencoff/go-aws-auth\"\n\n\n### Using your AWS Credentials\n\nThe library looks for credentials in this order:\n\n1. **Hard-code:** You can manually pass in an instance of `awsauth.Credentials` to any call to a signing function as a second argument:\n\n\t```go\n\tawsauth.Sign(req, awsauth.Credentials{\n\t\tAccessKeyID: \"Access Key ID\", \n\t\tSecretAccessKey: \"Secret Access Key\",\n\t\tSecurityToken: \"Security Token\",\t// STS (optional)\n\t})\n\t```\n\n\n2. **Environment variables:** Set the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables with your credentials. The library will automatically detect and use them. Optionally, you may also set the `AWS_SECURITY_TOKEN` environment variable if you are using temporary credentials from [STS](http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html).\n\n3. **IAM Role:** If running on EC2 and the credentials are neither hard-coded nor in the environment, go-aws-auth will detect the first IAM role assigned to the current EC2 instance and use those credentials.\n\n(Be especially careful hard-coding credentials into your application if the code is committed to source control.)\n\n\n\n### Signing requests\n\nJust make the request, have it signed, and perform the request as you normally would.\n\n```go\nurl := \"https://iam.amazonaws.com/?Action=ListRoles\u0026Version=2010-05-08\"\nclient := new(http.Client)\n\nreq, err := http.NewRequest(\"GET\", url, nil)\n\nawsauth.Sign(req)  // Automatically chooses the best signing mechanism for the service\n\nresp, err := client.Do(req)\n```\n\n### Pre-Signing URLs\n\nPrepare information required for the presigned URL and call\n`SignURL()`:\n\n```go\n\npresign := \u0026Presign{\n            Method: \"GET\",\n            SignedHeaders: make(http.Header),\n            ContentSHA256: \"\",\n            Date: time.Now().UTC(),\n            Expires: 86400 * time.Second,\n}\n\nu := \u0026url.URL{\n        Host: \"mybucket.s3.amazonaws.com\",\n        Path: \"/folder/object.txt\",\n        Scheme: \"https\",\n}\n\n    u, sign := awsauth.SignURL(presign, u, awsauth.Credential{\n                        AccessKeyID: \"my Access key id\",\n                        SecretAccessKey: \"my secret access key\",\n    })\n\n    // use u.Encode() as the pre-signed URL.\n\n```\n\nYou can use `Sign` to have the library choose the best signing algorithm depending on the service, or you can specify it manually if you know what you need:\n\n- `Sign2`\n- `Sign3`\n- `Sign4`\n- `SignS3` (deprecated for Sign4)\n- `SignS3Url` (for pre-signed S3 URLs; GETs only)\n\n\n\n### Contributing\n\nPlease feel free to contribute! Bug fixes are more than welcome any time, as long as tests assert correct behavior. If you'd like to change an existing implementation or see a new feature, open an issue first so we can discuss it. Thanks to all contributors!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencoff%2Fgo-aws-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopencoff%2Fgo-aws-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencoff%2Fgo-aws-auth/lists"}