tessl/golang-github-com--aws--aws-sdk-go-v2

AWS SDK for Go v2 with 130+ service clients, Request/Send pattern, and context support.

Request Signing (aws/signer/v4)

Import: github.com/aws/aws-sdk-go-v2/aws/signer/v4

AWS Signature Version 4 signing. The SDK handles signing automatically for all service clients. Use this package directly only when making raw HTTP requests to AWS services outside the SDK's service client framework.

Signer

type Signer struct {
    // Credentials to sign requests with (required)
    Credentials aws.CredentialsProvider

    // Logging level
    Debug aws.LogLevel

    // Logger for signing debug output
    Logger aws.Logger

    // Disables moving HTTP headers to query string for presigned requests
    DisableHeaderHoisting bool

    // Disables URI path escaping (set true for S3)
    DisableURIPathEscaping bool

    // Disables overwriting http.Request.Body with the provided body
    DisableRequestBodyOverwrite bool

    // Disables payload signing (for services that support unsigned payloads)
    UnsignedPayload bool
}

func NewSigner(credsProvider aws.CredentialsProvider, options ...func(*Signer)) *Signer

Sign

Signs an HTTP request with an AWS Signature Version 4 signature carried in the request headers.

func (v4 Signer) Sign(
    r *http.Request,
    body io.ReadSeeker,
    service string,
    region string,
    signTime time.Time,
) (http.Header, error)

  • body: The request body (used to compute the SHA256 payload hash). Pass nil for empty bodies.
  • service: AWS service name (e.g., "s3", "ec2")
  • region: AWS region (e.g., "us-east-1")
  • signTime: Time to use for signing (usually time.Now())
  • Returns: the headers that were included in the signature (not needed for signed requests; they are already set on r)

signer := v4.NewSigner(cfg.Credentials)

req, err := http.NewRequest("GET", "https://s3.amazonaws.com/my-bucket/my-key", nil)
if err != nil {
    return err
}
// Sign sets the signature headers on req in place
if _, err := signer.Sign(req, nil, "s3", "us-east-1", time.Now()); err != nil {
    return err
}

resp, err := http.DefaultClient.Do(req)

Presign

Create a pre-signed URL valid for a specified duration.

func (v4 Signer) Presign(
    r *http.Request,
    body io.ReadSeeker,
    service string,
    region string,
    exp time.Duration,
    signTime time.Time,
) (http.Header, error)

  • exp: How long the presigned URL is valid for
  • Returns: headers that must be included when using the presigned URL

req, err := http.NewRequest("GET", "https://s3.amazonaws.com/my-bucket/my-key", nil)
if err != nil {
    return err
}
signer := v4.NewSigner(cfg.Credentials)
// signedHeaders must be sent with any request that uses the presigned URL
signedHeaders, err := signer.Presign(req, nil, "s3", "us-east-1", 15*time.Minute, time.Now())
if err != nil {
    return err
}

// Presign rewrites req.URL in place; it now holds the presigned URL
presignedURL := req.URL.String()
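
The lifetime and credential scope chosen at Presign time travel in the URL's query string, so a service can check them against policy before handing a URL out. The following is an added example, not code from the SDK or from this page: CheckPresigned and sampleURL are hypothetical names, the sample URL is constructed, and the X-Amz-* names are the standard SigV4 query parameters.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"time"
)

// CheckPresigned (hypothetical helper) parses a SigV4 presigned URL and returns
// its expiry time and the headers the caller must send. It fails when the
// lifetime exceeds maxTTL or the credential scope is not region/service.
func CheckPresigned(raw, region, service string, maxTTL time.Duration) (time.Time, []string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return time.Time{}, nil, err
	}
	q := u.Query()
	// X-Amz-Credential = <access key id>/<date>/<region>/<service>/aws4_request
	scope := strings.Split(q.Get("X-Amz-Credential"), "/")
	if len(scope) != 5 || scope[2] != region || scope[3] != service {
		return time.Time{}, nil, fmt.Errorf("credential scope is not %s/%s", region, service)
	}
	signedAt, err := time.Parse("20060102T150405Z", q.Get("X-Amz-Date"))
	if err != nil {
		return time.Time{}, nil, fmt.Errorf("bad X-Amz-Date: %w", err)
	}
	secs, err := strconv.Atoi(q.Get("X-Amz-Expires"))
	if err != nil || secs <= 0 {
		return time.Time{}, nil, fmt.Errorf("bad X-Amz-Expires %q", q.Get("X-Amz-Expires"))
	}
	if ttl := time.Duration(secs) * time.Second; ttl > maxTTL {
		return time.Time{}, nil, fmt.Errorf("lifetime %s exceeds maximum %s", ttl, maxTTL)
	}
	expires := signedAt.Add(time.Duration(secs) * time.Second)
	return expires, strings.Split(q.Get("X-Amz-SignedHeaders"), ";"), nil
}

// Constructed sample URL (placeholder key ID and signature), 900 s lifetime.
const sampleURL = "https://s3.amazonaws.com/my-bucket/my-key?X-Amz-Algorithm=AWS4-HMAC-SHA256" +
	"&X-Amz-Credential=AKIDEXAMPLE%2F20240101%2Fus-east-1%2Fs3%2Faws4_request" +
	"&X-Amz-Date=20240101T120000Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host" +
	"&X-Amz-Signature=PLACEHOLDER"

func main() {
	fmt.Println(CheckPresigned(sampleURL, "us-east-1", "s3", time.Hour))
}
```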

SDK Integration

The SDK registers a signing handler automatically for all service clients. You typically don't need to use this directly.

// Pre-registered handler
var SignRequestHandler = aws.NamedHandler{
    Name: "v4.SignRequestHandler",
    Fn:   func(r *aws.Request) { SignSDKRequest(r) },
}

// Sign an SDK request
func SignSDKRequest(req *aws.Request, opts ...func(*Signer))

// Build a named handler with custom signer options
func BuildNamedHandler(name string, opts ...func(*Signer)) aws.NamedHandler

// Signer option: disable payload signing
func WithUnsignedPayload(v4 *Signer)

// Add unsigned payload option to S3 handler
svc := s3.New(cfg)
svc.Handlers.Sign.SwapNamed(v4.BuildNamedHandler("v4.SignRequestHandler", v4.WithUnsignedPayload))

Presigned URLs via Service Clients

For service clients, use the request's built-in Presign method instead of using the signer directly:

svc := s3.New(cfg)
req := svc.GetObjectRequest(&s3.GetObjectInput{
    Bucket: aws.String("my-bucket"),
    Key:    aws.String("my-key"),
})

// Get presigned URL (no credentials needed at usage time)
url, err := req.Presign(15 * time.Minute)
if err != nil {
    return err
}
// url is now a pre-signed S3 URL

// Get presigned URL + headers
url, headers, err := req.PresignRequest(15 * time.Minute)

Notes

  • For HTTP/2 requests with Go 1.6.2-1.7.4, use URL.RawPath instead of URL.Opaque
  • For S3 requests, the signer skips body SHA256 by default for presigned URLs
  • To include body SHA256 in presigned S3 requests, set X-Amz-Content-Sha256 header before presigning
  • Set URL.Opaque in format "//<hostname>/<path>" for custom URI escaping

Install with Tessl CLI

npx tessl i tessl/golang-github-com--aws--aws-sdk-go-v2@0.4.0
