AWS Service Credential Manager

A utility for managing different types of AWS credentials when making authenticated HTTP requests to AWS services.

Overview

Build a credential management system that handles both permanent and temporary AWS credentials for authenticating HTTP requests to AWS services. The system should support static access key pairs as well as temporary session-based credentials.

Capabilities

Static Credential Management

Handles permanent AWS access credentials for service authentication.

• Given AWS access key "AKIAIOSFODNN7EXAMPLE", secret key "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", AWS host "es.us-west-2.amazonaws.com", region "us-west-2", and service "es", creates authenticated requests with proper authorization headers @test
• Given different AWS access key "AKIDEXAMPLE", secret key "exampleSecretKey", AWS host "execute-api.us-east-1.amazonaws.com", region "us-east-1", and service "execute-api", generates valid authentication for API Gateway requests @test

Temporary Credential Management

Handles AWS Security Token Service (STS) temporary credentials with session tokens.

• Given AWS access key "ASIAIOSFODNN7EXAMPLE", secret key "tempSecretKey", session token "FwoGZXIvYXdzEPT//////////example", AWS host "lambda.eu-west-1.amazonaws.com", region "eu-west-1", and service "lambda", creates authenticated requests that include the security token @test
• Given temporary credentials with session token, ensures the security token is properly included in request headers @test

Multi-Service Credential Support

Supports credential configuration for different AWS services.

• Creates credential handlers for AWS Elasticsearch Service with host "search-domain.es.amazonaws.com", region "us-west-1", and service "es" @test
• Creates credential handlers for AWS Lambda with host "lambda.ap-southeast-2.amazonaws.com", region "ap-southeast-2", and service "lambda" @test

Implementation

@generates

API

def create_static_auth(aws_access_key: str, aws_secret_key: str,
                       aws_host: str, aws_region: str, aws_service: str):
    """
    Creates an authentication handler for AWS requests using static credentials.

    Args:
        aws_access_key: AWS access key ID
        aws_secret_key: AWS secret access key
        aws_host: AWS service host (e.g., 'es.us-west-2.amazonaws.com')
        aws_region: AWS region (e.g., 'us-west-2')
        aws_service: AWS service name (e.g., 'es', 'execute-api', 'lambda')

    Returns:
        An authentication handler compatible with the requests library
    """
    pass

def create_temporary_auth(aws_access_key: str, aws_secret_key: str,
                          aws_token: str, aws_host: str, aws_region: str,
                          aws_service: str):
    """
    Creates an authentication handler for AWS requests using temporary credentials.

    Args:
        aws_access_key: Temporary AWS access key ID
        aws_secret_key: Temporary AWS secret access key
        aws_token: AWS session token from STS
        aws_host: AWS service host
        aws_region: AWS region
        aws_service: AWS service name

    Returns:
        An authentication handler compatible with the requests library
    """
    pass

Dependencies { .dependencies }

aws-requests-auth { .dependency }

Provides AWS Signature Version 4 authentication for HTTP requests.

requests { .dependency }

HTTP library for making requests to AWS services.