# Authentication & Security

Authentication, HTTP signing, and security components for AWS service requests including credential providers, signing algorithms, and security utilities.

## Core Imports

```xml
<!-- Import BOM for version management; SDK modules declared in <dependencies> can then omit <version> -->
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>software.amazon.awssdk</groupId>
            <artifactId>bom</artifactId>
            <version>2.33.4</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
```

## Capabilities

### HTTP Authentication Core

Core HTTP authentication interfaces and implementations providing the foundation for AWS request signing.

```xml { .api }
<!--
  HTTP Authentication SPI - Service provider interface for HTTP authentication
  Features: Pluggable authentication, extensible signing
  Best for: Custom authentication implementations
-->
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth-spi</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>

<!--
  HTTP Authentication Core - Base HTTP authentication implementations
  Features: Core signing logic, credential management
  Best for: Standard HTTP authentication scenarios
-->
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>
```

### AWS-Specific Authentication

AWS-specific authentication implementations including SigV4 signing and AWS credential providers.

```xml { .api }
<!--
  AWS HTTP Authentication - AWS-specific HTTP authentication
  Features: SigV4 signing, AWS credential integration, region handling
  Best for: Standard AWS service authentication
-->
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth-aws</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>
```

**Key Features:**
- AWS Signature Version 4 (SigV4) implementation
- Integration with AWS credential providers
- Automatic region and service detection
- Request canonicalization and signing
- Support for temporary credentials

**Usage Example:**

```xml
<dependencies>
    <!-- Service client -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>s3</artifactId>
    </dependency>

    <!-- AWS authentication -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>http-auth-aws</artifactId>
    </dependency>
</dependencies>
```

### CRT-Based Authentication

High-performance authentication implementations based on AWS Common Runtime.

```xml { .api }
<!--
  AWS CRT HTTP Authentication - High-performance CRT-based authentication
  Features: Native performance, advanced AWS features, optimized signing
  Best for: High-performance applications, maximum throughput
-->
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth-aws-crt</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>

<!--
  AWS CRT Authentication Utilities - CRT-based authentication utilities
  Features: Native credential providers, optimized performance
  Best for: Applications using CRT HTTP client
-->
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>auth-crt</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>
```

**Key Features:**
- Native performance optimization
- Advanced AWS credential provider implementations
- Optimized for use with CRT HTTP client
- Reduced CPU overhead for signing operations
- Latest AWS authentication features

**Usage Example:**

```xml
<dependencies>
    <!-- Service client -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>dynamodb</artifactId>
    </dependency>

    <!-- CRT authentication and HTTP client -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>http-auth-aws-crt</artifactId>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>aws-crt-client</artifactId>
    </dependency>
</dependencies>
```

### Event Stream Authentication

Specialized authentication for AWS event streaming services like Kinesis Video Streams.

```xml { .api }
<!--
  AWS EventStream Authentication - Authentication for streaming services
  Features: Continuous signing, stream authentication, event validation
  Best for: Kinesis Video Streams, real-time streaming applications
-->
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth-aws-eventstream</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>
```

**Key Features:**
- Continuous authentication for long-lived streams
- Event-by-event signature validation
- Integration with streaming protocols
- Support for chunked transfer encoding
- Real-time authentication updates

**Usage Example:**

```xml
<dependencies>
    <!-- Kinesis Video Streams -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>kinesisvideo</artifactId>
    </dependency>

    <!-- EventStream authentication -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>http-auth-aws-eventstream</artifactId>
    </dependency>
</dependencies>
```

### Identity Management

Identity management interfaces and implementations for credential handling and identity resolution.

```xml { .api }
<!--
  Identity SPI - Service provider interface for identity management
  Features: Pluggable identity providers, credential abstraction
  Best for: Custom identity implementations, credential providers
-->
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>identity-spi</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>
```

**Key Features:**
- Pluggable identity provider architecture
- Credential lifecycle management
- Support for various credential types
- Identity caching and refresh mechanisms
- Integration with external identity systems

## Authentication Flow Integration

### Standard AWS Services

Most AWS services use the standard authentication flow:

```xml
<dependencies>
    <!-- Service client -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>ec2</artifactId>
    </dependency>

    <!-- Standard AWS authentication (usually auto-included) -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>http-auth-aws</artifactId>
    </dependency>
</dependencies>
```

### High-Performance Applications

For maximum performance, use CRT-based authentication:

```xml
<dependencies>
    <!-- Service clients -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>s3</artifactId>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>dynamodb</artifactId>
    </dependency>

    <!-- High-performance authentication and HTTP -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>http-auth-aws-crt</artifactId>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>aws-crt-client</artifactId>
    </dependency>
</dependencies>
```

### Streaming Applications

For applications using streaming services:

```xml
<dependencies>
    <!-- Streaming services -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>kinesisvideo</artifactId>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>transcribestreaming</artifactId>
    </dependency>

    <!-- EventStream authentication -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>http-auth-aws-eventstream</artifactId>
    </dependency>
</dependencies>
```

## Security Best Practices

### Credential Management
- Use IAM roles instead of hardcoded credentials
- Implement credential rotation policies
- Use temporary credentials when possible
- Store credentials securely (AWS Secrets Manager, environment variables)
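
The first and third points above in code, as an added example that is not part of the original documentation or of the SDK's own sources: credentials come from the role attached to the runtime environment through the default provider chain, and a second role is assumed through STS for short-lived credentials. The role ARN, session name, and region are placeholder assumptions; the example needs the `s3` and `sts` modules listed on this page.

```java
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;

public class CredentialSetup {
    // Placeholder values (assumptions for this example, not taken from the page).
    private static final Region REGION = Region.US_EAST_1;
    private static final String ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleAppRole";

    // Avoid: long-lived keys compiled into the artifact, e.g.
    //   StaticCredentialsProvider.create(AwsBasicCredentials.create("AKIA...", "..."))
    // They end up in source control and build outputs and cannot be rotated without a redeploy.

    /** Default chain: resolves the IAM role of the instance, container, or web identity when one is attached. */
    static AwsCredentialsProvider roleFromEnvironment() {
        return DefaultCredentialsProvider.builder().build();
    }

    /** Temporary credentials: assume a narrowly scoped role; the provider re-assumes it as the session nears expiry. */
    static AwsCredentialsProvider temporaryCredentials(StsClient sts) {
        AssumeRoleRequest request = AssumeRoleRequest.builder()
                .roleArn(ROLE_ARN)
                .roleSessionName("example-session")
                .durationSeconds(900) // shortest session STS allows
                .build();
        return StsAssumeRoleCredentialsProvider.builder()
                .stsClient(sts)
                .refreshRequest(request)
                .build();
    }

    public static void main(String[] args) {
        try (StsClient sts = StsClient.builder()
                     .region(REGION)
                     .credentialsProvider(roleFromEnvironment())
                     .build();
             S3Client s3 = S3Client.builder()
                     .region(REGION)
                     .credentialsProvider(temporaryCredentials(sts))
                     .build()) {
            s3.listBuckets().buckets().forEach(b -> System.out.println(b.name()));
        }
    }
}
```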

### Authentication Selection
- Use CRT authentication for high-performance applications
- Use standard authentication for most applications
- Use EventStream authentication for streaming services
- Consider custom authentication for specialized requirements

### Network Security
- Always use HTTPS for production applications
- Implement proper certificate validation
- Use VPC endpoints for internal AWS service access
- Configure appropriate security groups and NACLs

## Usage Examples

**Complete security stack:**

```xml
<dependencies>
    <!-- Core services -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>s3</artifactId>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>iam</artifactId>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>sts</artifactId>
    </dependency>

    <!-- Authentication -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>http-auth-aws</artifactId>
    </dependency>

    <!-- Enhanced security -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>iam-policy-builder</artifactId>
    </dependency>
</dependencies>
```

**Microservice authentication:**

```xml
<dependencies>
    <!-- Service clients -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>dynamodb</artifactId>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>sqs</artifactId>
    </dependency>

    <!-- Optimized authentication -->
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>http-auth-aws-crt</artifactId>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>aws-crt-client</artifactId>
    </dependency>
</dependencies>
```

## Types

```xml { .api }
<!-- Authentication component coordinates -->
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth-spi</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth-aws</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth-aws-crt</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>http-auth-aws-eventstream</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>identity-spi</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>auth-crt</artifactId>
    <version>${awsjavasdk.version}</version>
</dependency>
```