AWS Storage Gateway User Guide
Example Signature Calculation
hash is a function that returns a unique hash value based on the input. The input to the hash function
includes the text of your request and your secret access key. The hash function returns a hash value that
you include in the request as your signature. The signature is part of the Authorization header of your
request.
After receiving your request, AWS Storage Gateway recalculates the signature using the same hash
function and input that you used to sign the request. If the resulting signature matches the signature in
the request, AWS Storage Gateway processes the request. Otherwise, the request is rejected.
AWS Storage Gateway supports authentication using AWS Signature Version 4. The process for
calculating a signature can be broken into three tasks:
• Task 1: Create a Canonical Request
Rearrange your HTTP request into a canonical format. Using a canonical form is necessary because
AWS Storage Gateway uses the same canonical form when it recalculates a signature to compare with
the one you sent.
• Task 2: Create a String to Sign
Create a string that you will use as one of the input values to your cryptographic hash function. The
string, called the string to sign, is a concatenation of the name of the hash algorithm, the request date,
a credential scope string, and the canonicalized request from the previous task. The credential scope
string itself is a concatenation of date, region, and service information.
• Task 3: Create a Signature
Create a signature for your request by using a cryptographic hash function that accepts two input
strings: your string to sign and a derived key. The derived key is calculated by starting with your
secret access key and using the credential scope string to create a series of Hash-based Message
Authentication Codes (HMACs).
Example Signature Calculation
The following example walks you through the details of creating a signature for ListGateways. The
example could be used as a reference to check your signature calculation method. Other reference
calculations are included in the Signature Version 4 Test Suite of the Amazon Web Services Glossary.
The example assumes the following:
• The time stamp of the request is "Mon, 10 Sep 2012 00:00:00" GMT.
• The endpoint is the US East (Ohio) region.
The general request syntax (including the JSON body) is:
POST / HTTP/1.1
Host: storagegateway.us-east-2.amazonaws.com
x-amz-Date: 20120910T000000Z
Authorization: SignatureToBeCalculated
Content-type: application/x-amz-json-1.1
x-amz-target: StorageGateway_20120630.ListGateways
{}
The canonical form of the request calculated for Task 1: Create a Canonical Request (p. 401) is:
POST
/
API Version 2013-06-30
401
To Next Page
Loading...