Amazon S3 Pre-Request Script:
Source
This script demonstrates how to generate AWS Signature Version 4 for Amazon S3 using Python:Pre- Request Scripts for Amazon.
PUT Method – Upload Data
import hashlib import hmac import datetime
access_key = '{{access_key}}'
secret_key = '{{secret_key}}'
bucket = '{{bucket_name}}'
region = '{{region}}'
payload = '''{{payload}}'''
host = '{{host}}'
canonical_uri = '/{{canonical_uri}}'
method = 'PUT'
amzdate = datetime.datetime.utcnow().strftime('%Y%m%dT%H%M%SZ')
datestamp = datetime.datetime.utcnow().strftime('%Y%m%d')
canonical_querystring = ''
payload_hash = hashlib.sha256(payload.encode()).hexdigest()
canonical_headers = f"host:{host}\nx-amz-content-sha256:{payload_hash}\nx-amz-date:{amzdate}\n"
signed_headers = 'host;x-amz-content-sha256;x-amz-date'
canonical_request = f"{method}\n{canonical_uri}\n{canonical_querystring}\n{canonical_headers}\n{signed_headers}\n{payload_hash}"
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = f"{datestamp}/{region}/s3/aws4_request"
string_to_sign = f"{algorithm}\n{amzdate}\n{credential_scope}\n{hashlib.sha256(canonical_request.encode()).hexdigest()}"
date_key = hmac.new(('AWS4' + secret_key).encode(), datestamp.encode(), hashlib.sha256).digest()
region_key = hmac.new(date_key, region.encode(), hashlib.sha256).digest()
service_key = hmac.new(region_key, 's3'.encode(), hashlib.sha256).digest()
signing_key = hmac.new(service_key, 'aws4_request'.encode(), hashlib.sha256).digest()
signature = hmac.new(signing_key, string_to_sign.encode(), hashlib.sha256).hexdigest()
authorization_header = f"{algorithm} Credential={access_key}/{credential_scope}, SignedHeaders={signed_headers}, Signature={signature}"
GET Method – Retrieve Data
import hashlib import hmac import datetime
access_key = '{{access_key}}'
secret_key = '{{secret_key}}'
bucket = '{{bucket_name}}'
region = '{{region}}'
host = '{{host}}'
canonical_uri = '/{{canonical_uri}}'
method = 'GET'
service = 's3'
t = datetime.datetime.utcnow()
amzdate = t.strftime('%Y%m%dT%H%M%SZ')
datestamp = t.strftime('%Y%m%d')
canonical_querystring = ''
canonical_headers = f"host:{host}\nx-amz-date:{amzdate}\n"
signed_headers = 'host;x-amz-date'
payload_hash = hashlib.sha256(''.encode('utf-8')).hexdigest()
canonical_request = f"{method}\n{canonical_uri}\n{canonical_querystring}\n{canonical_headers}\n{signed_headers}\n{payload_hash}"
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = f"{datestamp}/{region}/{service}/aws4_request"
string_to_sign = f"{algorithm}\n{amzdate}\n{credential_scope}\n{hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()}"
date_key = hmac.new(('AWS4' + secret_key).encode(), datestamp.encode(), hashlib.sha256).digest()
region_key = hmac.new(date_key, region.encode(), hashlib.sha256).digest()
service_key = hmac.new(region_key, service.encode(), hashlib.sha256).digest()
signing_key = hmac.new(service_key, 'aws4_request'.encode(), hashlib.sha256).digest()
signature = hmac.new(signing_key, string_to_sign.encode('utf-8'), hashlib.sha256).hexdigest()
authorization_header = f"{algorithm} Credential={access_key}/{credential_scope}, SignedHeaders={signed_headers}, Signature={signature}"
Note: In Amazon S3 pre-request scripts, users can select either the PUT or GET method based on whether they want to upload or retrieve data.
