Ctrl + K
DocumentationLog inGet started

tessl/pypi-aws-requests-auth

tessl install tessl/pypi-aws-requests-auth@0.4.0

AWS signature version 4 signing process for the python requests module

Agent Success

Agent success rate when using this tile

84%

Improvement

Agent success rate improvement when using this tile compared to baseline

1.11x

Baseline

Agent success rate without this tile

76%

task.mdevals/scenario-7/

Custom AWS Authentication with Credential Rotation

Build a custom AWS authentication handler that extends the base AWS authentication capabilities to support credential rotation from a configuration file.

Requirements

Your task is to implement a custom authentication class that:

  1. Extends the AWS authentication system to support reading credentials from a JSON configuration file
  2. Automatically reloads credentials from the file before each request is signed
  3. Supports all standard AWS authentication features including temporary security tokens
  4. Integrates seamlessly with the Python requests library

Specification

Configuration File Format

The credentials configuration file will be in JSON format with the following structure:

{
  "aws_access_key_id": "AKIAIOSFODNN7EXAMPLE",
  "aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  "aws_session_token": "optional-session-token-here",
  "region": "us-east-1",
  "service": "es"
}

The aws_session_token field is optional and may not be present in the configuration file.

Implementation Requirements

Create a class called FileBasedAWSAuth that:

  1. Takes the following parameters during initialization:

    • config_file_path: Path to the JSON configuration file
    • aws_host: The AWS service hostname (e.g., "search-example.us-east-1.es.amazonaws.com")

  2. Reads credentials from the configuration file every time a request needs to be authenticated (enabling dynamic credential rotation)

  3. Properly handles both scenarios:

    • When aws_session_token is present in the configuration
    • When aws_session_token is not present in the configuration

  4. Works as a standard authentication handler with the requests library

Test Cases

  • When initialized with a valid config file path and AWS host, and the config file contains access key, secret key, region, and service, the class successfully reads and uses these credentials for authentication @test

  • When the config file includes an aws_session_token, the authentication handler correctly includes the session token in the signed request headers @test

  • When credentials in the config file are updated between requests, the authentication handler uses the new credentials for subsequent requests @test

Implementation

@generates

API

class FileBasedAWSAuth:
    """
    AWS authentication handler that reads credentials from a JSON configuration file.
    Supports dynamic credential rotation by reading the file before each request.
    """

    def __init__(self, config_file_path, aws_host):
        """
        Initialize the file-based AWS authentication handler.

        Args:
            config_file_path: Path to the JSON configuration file containing AWS credentials
            aws_host: The AWS service hostname (e.g., "search-example.us-east-1.es.amazonaws.com")
        """
        pass

    def __call__(self, request):
        """
        Called by requests library to authenticate the request.

        Args:
            request: The prepared request object to be authenticated

        Returns:
            The authenticated request object with AWS signature headers
        """
        pass

Dependencies { .dependencies }

aws-requests-auth { .dependency }

Provides AWS Signature Version 4 authentication for Python requests library.

@satisfied-by

Version

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
pypipkg:pypi/aws-requests-auth@0.4.x

evals

scenario-7

rubric.jsontask.md
tile.json