Home Reference Source Repository

aws-sigv4

A dependency-free, test suite-compliant, AWS Signature Version 4 library in ES2017

NPM npm version ESDoc Dependency Status devDependency Status Coverage Status Code Climate Test Coverage Issue Count Codacy Badge Known Vulnerabilities Greenkeeper badge

Example - ES2017 (Node 7.6+)

const sigv4 = require('aws-sigv4');

const signature = await sigv4.sign(
    secretAccessKey,
    requestDate.slice(0, 8),
    'us-east-1',
    'host',
    stringToSign
);

console.log(signature);

Example - ES2016 (Node 4, 6, <= 7.5)

const sigv4 = require('aws-sigv4');

sigv4.sign(
    secretAccessKey,
    requestDate.slice(0, 8),
    'us-east-1',
    'host',
    stringToSign
)
    .then(signature => console.log(signature));

// Or, more specifically for S3:

const date = sigv4
    .formatDateTime(new Date())
    .slice(0, 8);
const credential = `${process.env.AWS_ACCESS_KEY_ID}/${date}/${process.env.AWS_REGION}/s3/aws4_request`;
const policy = new Buffer(
    JSON.stringify({
        expiration: new Date(Date.now() + 15 * 60000).toISOString(), // 15 minutes from now
        conditions: [
            {bucket: 'my-bucket-name'},
            {key: 'my-s3-key.mov'},
            {acl: 'private'},
            ['starts-with', '$Content-Type', 'video/'],
            ['content-length-range', 0, 10 * 1024 * 1024],
            {'x-amz-credential': credential},
            {'x-amz-algorithm': 'AWS4-HMAC-SHA256'},
            {'x-amz-date': date + 'T000000Z'}
        ]
    })
)
    .toString('base64');

sigv4.sign(
    process.env.AWS_SECRET_ACCESS_KEY,
    date,
    process.env.AWS_REGION,
    's3',
    policy
)
    .then(signature => console.log(sigature));

See Authenticating Requests in Browser-Based Uploads Using POST (AWS Signature Version 4) as the primary use case.