@aws-sdk/middleware-signing

What is @aws-sdk/middleware-signing?

The @aws-sdk/middleware-signing package is part of the AWS SDK for JavaScript (v3). It provides middleware for signing requests made to AWS services. This is crucial for authenticating requests by automatically including secure signatures in API calls. The package ensures that AWS service requests are transmitted securely and are authenticated using the appropriate AWS credentials.

What are @aws-sdk/middleware-signing's main functionalities?

Request Signing

This code demonstrates how to add the AWS authentication middleware to an S3 client instance in the AWS SDK. It ensures that the PutObjectCommand is signed correctly before being sent to AWS.

import { S3Client, PutObjectCommand } from '@aws-sdk/client-s3';
import { awsAuthMiddleware } from '@aws-sdk/middleware-signing';

const client = new S3Client({});
client.middlewareStack.add(awsAuthMiddleware(), {
  step: 'finalizeRequest',
  name: 'awsAuthMiddleware',
  tags: { SET_CONTEXT: true },
  override: true
});

const command = new PutObjectCommand({ Bucket: 'example-bucket', Key: 'example-object', Body: 'Hello, world!' });
client.send(command);

Other packages similar to @aws-sdk/middleware-signing

aws4

The aws4 package is a lightweight utility that signs requests using AWS Signature Version 4. It can be used independently of the AWS SDK. Unlike @aws-sdk/middleware-signing, which is integrated within the AWS SDK v3, aws4 can be used with any HTTP request tool, providing more flexibility but requiring manual integration.

amazon-cognito-identity-js

This package includes functionality for signing in users and handling tokens with Amazon Cognito. While it is focused on authentication like @aws-sdk/middleware-signing, its scope is specifically tied to Amazon Cognito and does not provide general request signing capabilities for other AWS services.

README

@aws-sdk/signer-middleware

This package is deprecated. It is only used in "legacy auth", and no longer used in the AWS SDK as of the Smithy Reference Architecture implementation of identity and auth.

Changelog

3.840.0 (2025-06-30)

Features

• client-arc-zonal-shift: Added support for on-demand practice runs and balanced capacity checks in ARC autoshift practice. (95ccc93)
• client-b2bi: Updated APIs to support inbound EDI split capabilities and additional Partnership-level configurations of generated EDI files' contents and format. (15f931b)
• client-bedrock-runtime: Add API Key and document citations support for Bedrock Runtime APIs (3e92ce7)
• client-bedrock: Add support for API Keys, Re-Ranker, implicit filter for RAG / KB evaluation for Bedrock APIs. (8587fbb)
• client-cloudformation: Added support for UNKNOWN drift status. (80c8e5f)
• client-cloudwatch-logs: Increase minimum length of queryId parameter to 1 character. (80e2132)
• client-config-service: Updated ResourceType enum with new resource types onboarded by AWS Config as of June 2025 (4863805)
• client-connect: This release introduces ChatMetrics to the model, providing comprehensive analytics insights for Amazon Connect chat conversations. Users can access these detailed metrics through the AWS Connect API by using the DescribeContact operation with their specific instance and contact IDs (171954c)
• client-dataexchange: This release updates resource Id with alphanumeric constraint, including Asset id, Revision id, Data Set id, Job id, and Event Action id. (64051a9)
• client-dynamodb: This change adds support for witnesses in global tables. It also adds a new table status, REPLICATION_NOT_AUTHORIZED. This status will indicate scenarios where global replicas table can't be utilized for data plane operations. (73ec7dc)
• client-eventbridge: Added support for EventBridge Dualstack endpoints in AWS GovCloud (US) regions (us-gov-east-1 and us-gov-west-1). The dualstack endpoints are identical for both FIPS and non-FIPS configurations, following the format: events.{region}.api.aws (b85b1f2)
• client-glue: releasing source processing properties to support source properties for ODB integrations (aa10e5d)
• client-iam: Updated IAM ServiceSpecificCredential support to include expiration, API Key output format instead of username and password for services that will support API keys, and the ability to list credentials for all users in the account for a given service configuration. (cffa711)
• client-medical-imaging: Added new fields to support the concept of primary image sets within the storage hierarchy. (b28be5c)
• client-networkflowmonitor: Add ConflictExceptions to UpdateScope and DeleteScope operations for scopes being mutated. (417e154)
• client-outposts: Make ContactName and ContactPhoneNumber required fields when creating and updating Outpost Site Addresses. (c5cd452)
• client-pcs: Fixed the validation pattern for an instance profile Amazon Resource Name (ARN) in AWS PCS. (cb27085)
• client-quicksight: Introduced custom permission capabilities for reporting content. Added menu option in exploration to preserve configuration data when textbox menu option is used. Added support for Athena trusted identity propagation. (2cd13e7)
• client-ssm: Introduces AccessType, a new filter value for the DescribeSessions API. (daee31f)
• client-transfer: Added support for dual-stack (IPv4 and IPv6) endpoints for SFTP public endpoints and VPC-internal endpoints (SFTP, FTPS, FTP, and AS2), enabling customers to configure new servers with IPv4 or dual-stack mode, convert existing servers to dual-stack, and use IPv6 with service APIs. (08fc8d3)
• clients: update client endpoints as of 2025-06-30 (0438004)
• xhr-http-handler: add support for per-request/per-operation timeouts (#7159) (9c12aff)