SEANK.H.LIAO

curl aws sigv4

signed requests the easy way

curl aws sigv4

So, say you've obtained some AWS credentials without using the aws CLI (see previous post). Now you want to make API calls, and we're not going to install the CLI now!

AWS API uses an interesting auth mechanism where you sign the contents of your request, rather than just presenting the token. curl thankfully learned how to do this via its --aws-sigv4 flag.

Woe unto me who didn't read the AWS docs for this header query param (but also the docs suck).

1curl \
2  -X POST \
3  -H 'X-Amz-Target: AmazonEC2ContainerRegistry_V20150921.GetAuthorizationToken' \
4  -H "X-Amz-Security-Token: ${AWS_SESSION_TOKEN}" \
5  -H 'Content-Type: application/x-amz-json-1.1' \
6  --user "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}" \
7  --aws-sigv4 "aws:amz:${AWS_REGION}:ecr" \
8  -d '{}' \
9  "https://ecr.${AWS_REGION}.amazonaws.com"