Use AWS SigV4 authorization with requests.
Accessing an API secured with IAM authorization in AWS API Gateway can be tricky.
This tool uses the built-in authorization strategy in requests to help you access your secured endpoints.
pip install requests-iamauthAWS sigv4 is the current standard for signing requests bound for AWS services.
Use requests-iamauth to as an authorizer for the requests Python library:
import requests
from iamauth import Sigv4Auth
sigv4 = Sigv4Auth(
service_name="execute-api", # default
)
session = requests.Session()
session.auth = sigv4
session.get('https://abcdef0123.execute-api.us-east-2.amazonaws.com/my/api')Override the default boto3 session by passing a custom one into the constructor for Sigv4Auth:
import boto3
sigv4 = Sigv4Auth(
boto3_session=boto3.Session(),
)AWS sigv4a is an extension to the sigv4 signing process that enables signing requests bound for more than one region.
Note — at the time of this writing, the only API Gateway API type that appears to support the new sigv4a are REST APIs.
Use requests-iamauth to as an authorizer for the requests Python library:
import requests
from iamauth import Sigv4aAuth
sigv4a = Sigv4aAuth(
service="execute-api", # default
region="*", # default
)
session = requests.Session()
session.auth = sigv4a
session.get('https://abcdef0123.execute-api.us-east-2.amazonaws.com/my/api')Override the default AWS credentials provider by passing a custom one into the constructor for Sigv4aAuth:
from botocore.compat import awscrt
sigv4a = Sigv4aAuth(
credentials_provider=awscrt.auth.AwsCredentialsProvider.new_default_chain(),
)