
Security News
npm ‘is’ Package Hijacked in Expanding Supply Chain Attack
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
requests-aws-iam-auth
Advanced tools
An AWS IAM authentication package for Requests. Supported services: API Gateway v1
An AWS IAM authentication package for Requests. Supported services: API Gateway v1. This is intended for use in production environments at the 1.0 release.
import requests
import requests_aws_iam_auth
# Provide AWS creds and config per Boto3 specs: https://tknk.io/ri3v
auth = requests_aws_iam_auth.ApiGateway()
requests.get("https://p7xw90rcx4.execute-api.us-east-1.amazonaws.com/s/", auth=auth)
Botocore
authorization, and x-amz-content-sha256 are directly modified in the signing protocal and will be set.
Expect for authorization, connection, expect, user-agent, x-amz-content-sha256, x-amz-security-token and x-amzn-trace-id all user set headers are signed.
If the user does not specify host it is derived and signed.
If the method is not GET, HEAD, or OPTIONS, has a payload, and the user does not provide a content-length header it is derived and signed.
If there's a Date header, we set the date header. Otherwise, we set the X-Amz-Date header.
The underlying http.client will derive an unsigned accept-encoding header if not user specified.
If using STS x-amz-security-token will be set by this library.
The payload is always signed using SHA 256.
HTTP and HTTPS 1.1 are supported.
Latest three minor versions of python will be supported.
This library uses botocore for signing.
Requests uses urllib3 which uses http.client.
Botocore relies on http.client deriving the host when absent. Botocore replacates this deravation and signs with it but does not append the header to the sent request. This has the potential for a mismatch error. There is a TODO in botocore to set the host header in the request.
Mateus Amin and Benton Drew
Mateus Amin and Benton Drew
????
FAQs
An AWS IAM authentication package for Requests. Supported services: API Gateway v1
We found that requests-aws-iam-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
Security News
A critical flaw in the popular npm form-data package could allow HTTP parameter pollution, affecting millions of projects until patched versions are adopted.
Security News
Bun 1.2.19 introduces isolated installs for smoother monorepo workflows, along with performance boosts, new tooling, and key compatibility fixes.