anomalizer / ngx_aws_auth

nginx module to proxy to authenticated AWS services
BSD 2-Clause "Simplified" License

What values need to go in aws_key_scope? #30

Open siulcode opened 8 years ago

siulcode commented 8 years ago

I'm trying to figure out what value needs to go in: aws_key_scope scope_of_generated_signing_key;

Is it only the region name?

I'm getting the following "Malformed entry" error. Any help on this would be GREATLY appreciated.

ERROR:

    <Error>
    <Code>AuthorizationHeaderMalformed</Code>
    <Message>
    The authorization header is malformed; the Credential is mal-formed; expecting "<YOUR-AKID>/YYYYMMDD/REGION/SERVICE/aws4_request".
    </Message>
    <RequestId>59D3A159DA4C78A6</RequestId>
    <HostId>
    /+Ern48H+67YCS+dSvGkXUtxnUUndZNAojMAnfUdgpVI0zaodKOvNe/Aut93+bltXetXPVXKzDU=
    </HostId>
    </Error>

NGINX CONF:

    location /saspub/ {
        aws_sign;
        proxy_pass http://MYBUCKET.s3.amazonaws.com/$1;

        aws_access_key MYACCESSKEY;
        #aws_key_scope scope_of_generated_signing_key;
        aws_signing_key MYGENERATED_KEY_WITH_SCRIPT;

        resolver            MYDNSIP;
        resolver_timeout    10s;
    }

chikamichi commented 8 years ago

I've not used this nginx plugin yet, but I'm considering it. AFAIK, the V4 scope is of the following shape:

    date/region/service/aws4_request

For instance:

    20160827/eu-west-1/s3/aws4_request

Source: official changelog
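
Added example (not part of the original thread and not the project's own script): the Python below derives a SigV4 signing key for a scope and emits the three directives, showing that `aws_key_scope` must be the exact `date/region/service/aws4_request` string the key was derived for. It assumes the module takes the signing key base64-encoded; the credentials are the example values from AWS documentation, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Scope shape from the thread: YYYYMMDD/region/service/aws4_request
SCOPE_RE = re.compile(r"^(\d{8})/([a-z0-9-]+)/([a-z0-9-]+)/aws4_request$")


def parse_scope(scope):
    """Return (date, region, service); raise ValueError if the scope is malformed."""
    m = SCOPE_RE.match(scope)
    if not m:
        raise ValueError("expected YYYYMMDD/region/service/aws4_request, got %r" % scope)
    return m.groups()


def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key, scope):
    """SigV4 derivation: chained HMAC-SHA256 over each scope component in order."""
    date, region, service = parse_scope(scope)
    k = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k = _hmac(k, region)
    k = _hmac(k, service)
    return _hmac(k, "aws4_request")


def credential(access_key, scope):
    """Credential value S3 checks in the Authorization header."""
    parse_scope(scope)  # a bare region name such as "eu-west-1" is rejected here
    return access_key + "/" + scope


def nginx_directives(access_key, secret_key, scope):
    # Assumption: the module expects the derived key base64-encoded.
    # Only the scoped, derived key reaches nginx, never the long-term secret.
    key_b64 = base64.b64encode(derive_signing_key(secret_key, scope)).decode("ascii")
    return "aws_access_key %s;\naws_key_scope %s;\naws_signing_key %s;" % (
        access_key, scope, key_b64)


if __name__ == "__main__":
    # Constructed input: AWS documentation example credentials, scope from the thread.
    print(nginx_directives("AKIAIOSFODNN7EXAMPLE",
                           "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
                           "20160827/eu-west-1/s3/aws4_request"))
```

Because the date, region and service are mixed into the key itself, a key derived for one scope produces signatures S3 rejects when the configured scope differs.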

anomalizer commented 8 years ago

@chikamichi is right

siulcode commented 8 years ago

I got it to work.

@anomalizer is continuous development still going on with this module for http post?

Thanks guys. LL

anomalizer commented 8 years ago

@siulcode I am not currently working on HTTP POST. It is fairly complex given that the post body will have to be uploaded in chunks.