We need to consume AWS web services directly from the CA API Gateway.
Example of AWS services:
- Kinesis Stream
Has anyone ever done it? If yes, how?
To be precise, we don't want to consume these services through "AWS API Gateway".
In order to achieve this, Amazon requires an "AWS Sign V4".
Amazon explains how to do this on the page Signing AWS Requests with Signature Version 4 - Amazon Web Services.
Amazon gives us an implementation example in Python on the page Examples of the Complete Version 4 Signing Process (Python) - Amazon Web Services.
We have coded the equivalent in API Gateway, but it is unsuccessful.
- The canonical request is OK
- The string to sign is OK
- The signature is KO
The signature function uses the HMAC-256 hash algorithm and the "digest" function.
We use "Generate Hash Security" for HMAC-256.
We are stuck on the "digest" function. There is a base64 decode in binary format.
Can anyone help us?
The extract of the Python code given by Amazon:
import hashlib
import hmac

def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()  # raw bytes, not hex or base64 text

def getSignatureKey(key, date_stamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning
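
The "digest" step described in the post above, as an added example that is not part of the original post or of Amazon's sample: each HMAC in the Signature Version 4 key chain must be keyed with the raw bytes of the previous result, so a hash step that emits Base64 text needs a decode back to binary before the next step. The Base64-only step (`hmac_b64`) is a hypothetical stand-in for such a gateway policy, and the secret, date and canonical-request hash are constructed placeholders.

```python
import base64
import hashlib
import hmac

PARTS_TAIL = "aws4_request"

def hmac_raw(key: bytes, msg: str) -> bytes:
    """HMAC-SHA256 as raw bytes, what Python's .digest() returns."""
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def hmac_b64(key: bytes, msg: str) -> str:
    """Hypothetical stand-in for a hash step that only emits Base64 text."""
    return base64.b64encode(hmac_raw(key, msg)).decode("ascii")

def signing_key_raw(secret, date_stamp, region, service) -> bytes:
    """Reference chain: each raw digest becomes the key of the next HMAC."""
    key = ("AWS4" + secret).encode("utf-8")
    for part in (date_stamp, region, service, PARTS_TAIL):
        key = hmac_raw(key, part)
    return key

def signing_key_via_b64(secret, date_stamp, region, service, decode=True) -> bytes:
    """Same chain built on the Base64-only step.
    decode=True: Base64-decode each result to binary before reusing it as a key.
    decode=False: reuse the Base64 text itself as the key (the failure mode)."""
    key = ("AWS4" + secret).encode("utf-8")
    for part in (date_stamp, region, service, PARTS_TAIL):
        text = hmac_b64(key, part)
        key = base64.b64decode(text) if decode else text.encode("ascii")
    return key

def signature(signing_key: bytes, string_to_sign: str) -> str:
    """Final step: lowercase hex HMAC-SHA256 over the string to sign."""
    return hmac.new(signing_key, string_to_sign.encode("utf-8"),
                    hashlib.sha256).hexdigest()

# Constructed sample values: placeholder secret and canonical-request hash.
ARGS = ("EXAMPLE-SECRET-NOT-A-REAL-KEY", "20240101", "us-east-1", "kinesis")
STRING_TO_SIGN = "\n".join(["AWS4-HMAC-SHA256", "20240101T000000Z",
                            "20240101/us-east-1/kinesis/aws4_request", "0" * 64])

if __name__ == "__main__":
    good = signature(signing_key_raw(*ARGS), STRING_TO_SIGN)
    fixed = signature(signing_key_via_b64(*ARGS), STRING_TO_SIGN)
    wrong = signature(signing_key_via_b64(*ARGS, decode=False), STRING_TO_SIGN)
    print("raw chain     :", good)
    print("b64 + decode  :", fixed, fixed == good)
    print("b64 text key  :", wrong, wrong == good)
```

A correct canonical request and string to sign combined with a wrong signature is the pattern the `decode=False` path produces, because only the key material differs.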
We have a tactical assertion for the AWS4 Signer that can be requested through the CA support team.
Director, CA Support
Great. I will contact CA Support to obtain this assertion.