aws / aws-sdk-java-v2

The official AWS SDK for Java - Version 2
Apache License 2.0

AwsV4HttpSigner does not contain all features from Aws4Signer #5401

Open MatejNedic opened 1 month ago

MatejNedic commented 1 month ago

Describe the feature

Introduce a presign option like the one in Aws4Signer, since it is useful when you don't want to issue it with an HTTP request call.

AwsV4HttpSigner does not support this option.

Use Case

Aws4Signer had a feature to presign requests, which was useful when you wanted to use SigV4 and, for example, use Spring Boot's WebClient to set it in a header or body.

Check the following docs here and search for the presign method.

Proposed Solution

No response

Other Information

No response

Acknowledgements

AWS Java SDK version used

2.26.0

JDK version used

17 Corretto

Operating System and version

Mac OS

debora-ito commented 1 month ago

@MatejNedic

The equivalent of presign in AwsV4HttpSigner is to set the property AwsV4FamilyHttpSigner.AUTH_LOCATION to QUERY_STRING.

Let us know if this is not what you're looking for.

MatejNedic commented 1 month ago

Hey @debora-ito, thanks for the quick response!

Please correct me if I am wrong, but this is how I got it.

If I have service-to-service communication which can use AWS SigV4, I would have to unpack the signed request to get the signature, right (let's say I am not using the Apache HTTP client, where you can just pass the request)?

First example and use case here: I have machine-to-machine communication and I am using STS. I am only interested in the signature, since I want to use it in a header of my HTTPS request.

Would it make sense to have a presign option, since this gives me only the signature, which is all I am interested in? I really think this would simplify the use of SigV4 in machine-to-machine communication. I have a feeling the current implementation is S3 and AWS service heavy (intended only for that use), making it hard to use custom header names, for example.

Second example: in theory you could cache the signature for very short time spans, thus lowering the HTTPS calls you are making to AWS as well. (Although I am not sure how secure this really is.)

As a third example, I see more power and ease of use when integrating this in Spring WebClient, since they do serialisation/deserialisation for you, meaning we are moving from HTTP request to Object -> Json, Header -> Map<>, and this makes the integration dirty, having to unwrap SignedRequest to get the signature.

Edit: Forgot to add use case four: when using gRPC communication I might want to have it in the metadata part.
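
Added example (not part of the thread and not the SDK project's own code): signing a request with AwsV4HttpSigner without sending it, then reading the SigV4 values off the returned SignedRequest for both auth locations discussed above. The endpoint, service name, region and credentials are constructed placeholders.

```java
import java.net.URI;
import java.time.Duration;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.http.SdkHttpRequest;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4FamilyHttpSigner;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4FamilyHttpSigner.AuthLocation;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;

public class SigV4SignOnly {
    // Constructed placeholders (assumptions, not values from the thread).
    static final URI ENDPOINT = URI.create("https://internal-api.example.com/orders?limit=10");
    static final String SERVICE = "execute-api";
    static final String REGION = "eu-central-1";

    // Signs a GET to ENDPOINT and returns the signed request; nothing is sent.
    static SdkHttpRequest sign(AwsCredentialsIdentity creds, AuthLocation location) {
        SdkHttpRequest unsigned = SdkHttpRequest.builder()
                .method(SdkHttpMethod.GET)
                .uri(ENDPOINT)
                .build();
        SignedRequest signed = AwsV4HttpSigner.create().sign(r -> {
            r.identity(creds)
             .request(unsigned)
             .putProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, SERVICE)
             .putProperty(AwsV4HttpSigner.REGION_NAME, REGION)
             .putProperty(AwsV4FamilyHttpSigner.AUTH_LOCATION, location);
            if (location == AuthLocation.QUERY_STRING) {
                // Presigned form: keep the validity window short.
                r.putProperty(AwsV4FamilyHttpSigner.EXPIRATION_DURATION, Duration.ofMinutes(5));
            }
        });
        return signed.request();
    }

    public static void main(String[] args) {
        AwsCredentialsIdentity creds =
                AwsCredentialsIdentity.create("AKIDEXAMPLE", "constructed-secret-key");
        // HEADER: copy every header the signer added (not only Authorization) into the
        // other HTTP client; the signature covers method, host, path, query and date.
        sign(creds, AuthLocation.HEADER).headers()
                .forEach((name, values) -> System.out.println(name + ": " + values));
        // QUERY_STRING: the signature travels in the URL as X-Amz-Signature.
        SdkHttpRequest presigned = sign(creds, AuthLocation.QUERY_STRING);
        System.out.println(presigned.getUri());
        System.out.println(presigned.firstMatchingRawQueryParameter("X-Amz-Signature").orElse("<missing>"));
    }
}
```

The values are only valid for the exact method, host, path and query that were signed, so the client that sends the request must not alter them.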