aws signature does not match the signature aws4 provided.

[SrbModi]

Hi.

options = {
    host: "<API-G-ID>.execute-api.us-east-2.amazonaws.com",
    service: "execute-api",
    region: "us-east-2",
    method: request.method,
    path: '/beta/getData',
    headers: request.headers,
    body: JSON.stringify(request.body) || ''
}

aws4.sign(options, {
    accessKeyId: "<ACCESS-KEY-ID>",
    secretAccessKey: "<SECRET-ACCESS-KEY>"
});

Response returned by AWS:

{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
<...>
"}

I checked the same credentials in postman and there it is working fine. So, I think there is no issue with the credentials.

Also, I tried to compare the expected canonical string provided in the response. I can see that the body hash and content-length is different, this might be the issue.

Can someone please point out the issue here. Thanks.

Note: I am doing this in browser for Swagger UI. I also tried using the aws4-browser. Getting the same result.

[mhart]

@SrbModi can you please post the full code including how you're making the request?

[mhart]

Also, if you're in the browser, you might want to try https://github.com/mhart/aws4fetch

[SrbModi]

Resolved the issue. Had to use aws4-browser. Also, as I realised through the debugging mentioned in question, the body parameter needed to be updated. Almost everywhere it said to use JSON.stringify() before passing the request.body, but it turns out not using it was the key.

body: JSON.stringify(request.body) || '' body: request.body || '' (empty string takes care for GET requests)

BTW, thanks @mhart for the quick response. It's good to know that you provide continous support for your library.

Closing the issue.