Layer7 API Management

Expand all | Collapse all

Adapter/connector from CA API GW to AWS (with AWS SignV4)

Jump to Best Answer
  • 1.  Adapter/connector from CA API GW to AWS (with AWS SignV4)

    Posted 05-17-2017 09:36 AM

    Hi 

     

    We need consume directly the Web Service of AWS from the CA API Gateway

    Example of AWS Services :

    - Kinesis Stream

    - Dynamodb

    - ... 

     

    Has anyone ever done it? If yes, how ?

     

    I precise that we don't want consume this services by "AWS API Gateway".

     

    In order to achieve this, Amazon requires an "AWS Sign V4"

     

    Amazon explains how to do in the page in Signing AWS Requests with Signature Version 4 - Amazon Web Services 

    Amazon give us a implementation example with Python Language on page : Examples of the Complete Version 4 Signing Process (Python) - Amazon Web Services 

     

    We have coded the equivalent in API Gateway but it is unsuccess.

    - The canonical request is OK

    - The string to sign is OK 

    - The signature is KO

     

    The function of Signature use HMAC-256 algorithm hash and "digest" function.

    We use "Generate Hash Security" for HMAC-256.

    We block on the  "digest" function.  There is base64 decode in format binary.

     

    Has anyone can help us ?

     

    the extract of code Python, give by Amazon :

    def sign(key, msg): return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

     

    def getSignatureKey(key, date_stamp, regionName, serviceName):

    kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)

    kRegion = sign(kDate, regionName)

    kService = sign(kRegion, serviceName)

    kSigning = sign(kService, 'aws4_request')

    return kSigning

     

     

    Regards

    David



  • 2.  Re: Adapter/connector from CA API GW to AWS (with AWS SignV4)
    Best Answer

    Broadcom Employee
    Posted 05-17-2017 06:28 PM

    David,

     

    We have a tactical assertion for the AWS4 Signer that can be requested through the CA support team.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 3.  Re: Adapter/connector from CA API GW to AWS (with AWS SignV4)

    Posted 05-18-2017 02:27 AM

    Hi Stephen

     

    Great. I contact the CA support to obtain this assertion.

     

    Thanks !

     

    Regards

    David