Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/adroll/erliam
erlang library for caching credentials and signing AWS API requests
https://github.com/adroll/erliam
aws erlang hacktoberfest
Last synced: about 2 months ago
JSON representation
erlang library for caching credentials and signing AWS API requests
- Host: GitHub
- URL: https://github.com/adroll/erliam
- Owner: AdRoll
- License: bsd-3-clause
- Created: 2017-03-31T00:30:49.000Z (over 7 years ago)
- Default Branch: main
- Last Pushed: 2024-04-02T10:37:46.000Z (9 months ago)
- Last Synced: 2024-04-14T15:06:29.825Z (9 months ago)
- Topics: aws, erlang, hacktoberfest
- Language: Erlang
- Homepage:
- Size: 84 KB
- Stars: 9
- Watchers: 17
- Forks: 3
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# erliam
erlang library for caching credentials and signing AWS API requests.
## usage
1. Add `erliam` to application dependencies or do `application:start(erliam)`.
2. Call `erliam:credentials()` to obtain latest cached credentials (stored in ets and
automatically refreshed before expiry).3. Call `awsv4:headers(Credentials, Parameters)` to obtain awsv4-signed request headers to
use in AWS API calls.If not using instance metadata, set `aws_access_key` and `aws_secret_key` in `erliam`
application environment to your long-term credentials; these will be used to obtain a
session token periodically.## example
### Fetch an object from S3
```
> application:start(erliam).
> QueryParams = #{"prefix" => "some/prefix/",
"delimiter" => "/",
"list-type" => "2",
"encoding-type" => "url"}.
> Headers = awsv4:headers(erliam:credentials(),
#{service => "s3",
region => "us-west-2",
host => "bucketname.s3.amazonaws.com",
path => "/",
query_params => QueryParams}).
> httpc:request(get, {lists:flatten("https://bucketname.s3.amazonaws.com/?" ++
awsv4:canonical_query(QueryParams)), Headers}, [], []).{ok, {{"HTTP/1.1", 200, "OK"},
[{"date", "Fri, 02 Jun 2017 23:26:21 GMT"},
{"server", "AmazonS3"},
{"content-length", "496"},
{"content-type", "application/xml"},
{"x-amz-id-2", "SOME-ID"},
{"x-amz-request-id", "SOME-OTHER-ID"},
{"x-amz-bucket-region", "us-west-2"}],
"\nbucketname..."}}
```### Encrypt plaintext using KMS
```
> application:start(erliam).
> QueryParams = #{}.
> KeyId = <<"xxxx-xxxx-xxxx-xxxx-xxxxxxxxxx">>
> RequestBody = jiffy:encode(#{<<"EncryptionContext">> => #{<<"application">> => <<"thing encryptor">>},
<<"KeyId">> => KeyId,
<<"Plaintext">> => base64:encode(<<"setec astronomy">>)}).
> SignedHeaders = #{"content-type" => "application/x-amz-json-1.1"}.
> Headers = awsv4:headers(erliam:credentials(),
#{service => "kms",
target_api => "TrentService.Encrypt",
method => "POST",
region => "us-east-1",
query_params => QueryParams,
signed_headers => SignedHeaders},
RequestBody).
> httpc:request(post, {lists:flatten(["https://kms.us-east-1.amazonaws.com", "/?",
awsv4:canonical_query(QueryParams)]),
Headers,
proplists:get_value("content-type", Headers), RequestBody}, [], []).{ok, {{"HTTP/1.1", 200, "OK"},
[{"content-length", "307"},
{"content-type", "application/x-amz-json-1.1"},
{"x-amzn-requestid", "xxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"}],
"{\"CiphertextBlob\":\"B64ENCODED CIPHERTEXT\",\"KeyId\":\"KEY ARN\"}"}}
```