github.com/smartystreets/go-aws-auth
Go-AWS-Auth is a comprehensive, lightweight library for signing requests to Amazon Web Services.
It's easy to use: simply build your HTTP request and call awsauth.Sign(req) before sending your request over the wire.
For more info about AWS authentication, see the comprehensive docs at AWS.
Go get it:
$ go get github.com/smartystreets/go-aws-auth
Then import it:
import "github.com/smartystreets/go-aws-auth"
The library looks for credentials in this order:
Hard-code: You can manually pass in an instance of awsauth.Credentials to any call to a signing function as a second argument:
awsauth.Sign(req, awsauth.Credentials{
AccessKeyID: "Access Key ID",
SecretAccessKey: "Secret Access Key",
SecurityToken: "Security Token", // STS (optional)
})
Environment variables: Set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables with your credentials. The library will automatically detect and use them. Optionally, you may also set the AWS_SECURITY_TOKEN environment variable if you are using temporary credentials from STS.
IAM Role: If running on EC2 and the credentials are neither hard-coded nor in the environment, go-aws-auth will detect the first IAM role assigned to the current EC2 instance and use those credentials.
(Be especially careful hard-coding credentials into your application if the code is committed to source control.)
Just make the request, have it signed, and perform the request as you normally would.
url := "https://iam.amazonaws.com/?Action=ListRoles&Version=2010-05-08"
client := new(http.Client)
req, err := http.NewRequest("GET", url, nil)
awsauth.Sign(req) // Automatically chooses the best signing mechanism for the service
resp, err := client.Do(req)
You can use Sign to have the library choose the best signing algorithm depending on the service, or you can specify it manually if you know what you need:
Sign2Sign3Sign4SignS3 (deprecated for Sign4)SignS3Url (for pre-signed S3 URLs; GETs only)Please feel free to contribute! Bug fixes are more than welcome any time, as long as tests assert correct behavior. If you'd like to change an existing implementation or see a new feature, open an issue first so we can discuss it. Thanks to all contributors!
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Security News
Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.