Skip to content
/ apisix-plugin-aws-auth Public

[WIP] AWS v4 Signature Authentication Plugin for Apache Apisix

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Lensual/apisix-plugin-aws-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
apisix/plugins
apisix/plugins
 
 
t/plugin
t/plugin
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

apisix-plugin-aws-auth

AWS v4 Signature Authentication Plugin for Apache Apisix

Attributes

For Consumer:

Name Type Requirement Description
access_key string required Unique access_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource.
secret_key string required Unique secret_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource.

NOTE: encrypt_fields = {"access_key", "secret_key"} is also defined in the schema, which means that the field will be stored encrypted in etcd. See encrypted storage fields.

For Route:

Name Type Requirement Default Description
host string optional Host to validate. Without validate if not provided.
region string optional Region to validate. Without validate if not provided.
service string optional Service to validate. Without validate if not provided.
clock_skew integer optional 60 * 15 Clock skew allowed by the signature in seconds. The default value is 900 seconds (15 minutes). If X-Amz-Date is not in request parameter, an error will occur. Setting it to 0 will skip checking the date (UNSAFE).
max_req_body integer optional 1024 * 512 Max Request Body size. The default value is 512 KiB.
enable_header_method boolean optional true Enable HTTP authorization header method. The default is true.
enable_query_string_method boolean optional true Enable Query string parameters method. The default is true.
max_expires integer optional 60 * 60 * 24 * 7 Sets the maximum value allowed for the X-Amz-Expires parameter. The default value is 604800 seconds (7 days). Setting it to 0 will skip checking exprires limit (UNSAFE).
extra_must_sign_headers array of string optional The Request Headers that must be signed. Case insensitive.
keep_unsigned_headers boolean optional false Whether to keep the Unsigned Request Header. The default is false.

Install

git clone https://github.com/Lensual/apisix-plugin-aws-auth
cp apisix-plugin-aws-auth/apisix/plugins/aws-auth.lua /path/to/apisix/plugins
cp -r apisix-plugin-aws-auth/apisix/plugins/aws-auth /path/to/apisix/plugins

conf/config.yaml

plugins:
  - aws-auth

Install by extra_lua_path

conf/config.yaml

plugins:
  - aws-auth
apisix:
  extra_lua_path: '/path/to/apisix-plugin-aws-auth/?.lua'

TODO

  • test query string method
  • PR to apisix
  • documents
  • review log
  • translate documents & comment
  • review test

License

Apache 2.0 License

About

[WIP] AWS v4 Signature Authentication Plugin for Apache Apisix

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages