RFC: Module to Sign Requests #2713
Comments
hey @stephenbawks thanks a lot for creating the RFC so we can spend more time in the design -- for reference, this is how we typically triage RFCs along with some good ones. Firstly, we definitely want to do this. It's a common pain point for everyone. At face value, the RFC doesn't tell us much. Within an RFC, we need to have a good grasp of trade-offs, the developer experience, and factors we took into consideration to get to this proposal. For example, this RFC can be improved by answering the following questions:
Let us know if you need help and we're happy to co-author. Thank you!
I will add some additional details and thoughts.
adding status to on-hold until we launch v3 and complete Observability Providers. Adding
Just making sure I am on the same page, as of today the
Is this related to an existing feature request or issue?
#2435
Which Powertools for AWS Lambda (Python) utility does this relate to?
Other
Summary
A new submodule would be used for signing requests.
Use case
Initially, my use case was for signing requests with SigV4 to talk to an endpoint that is using IAM policies in VPC Lattice.
Proposal
Started to create a new submodule in PowerTools to sign requests to endpoints and services that require SigV4 or IAM auth. I wanted to try and make the signing process easier since it's not always intuitive or easy.
Currently I am thinking that this initial change will mainly be for SigV4 signing. There is also SigV4A which I am thinking will be a different class from this one. The class name I have at the moment is AWSSigV4Auth, so in the previous thought, I may add another one that might be called AWSSigV4AAuth, which now that I have written that down sounds confusing so I am open to suggestions on the naming here.
New class named AWSSigV4Auth that will handle SigV4 signing of requests.
A new enum that will handle the AWS Service Prefixes that are needed for IAM. https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
This will also abstract all the correct service prefixes that are needed and make it easier for people to just specify the service they want to talk to and it will figure out the rest.
VPC Lattice and API/HTTP API are some of the main services I would like to get this working with.
There are some conditional services like VPC Lattice as a good example that require the payload to NOT be signed so the enum from above will also help with that condition.
Out of scope
Not sure at this point.
Potential challenges
The issue was raised that maybe this module might also be used for other things that include requesting JWT tokens and possibly doing other forms of auth in the future.
Dependencies and Integrations
No response
Alternative solutions
No response
Acknowledgment