AWS Authentication Traits#

This document defines AWS authentication schemes.

`aws.auth#sigv4` trait#

Trait summary

The aws.auth#sigv4 trait adds support for AWS signature version 4 to a service.

Trait selector

service

Trait value

An object that supports the following properties:

Property	Type	Description
name	`string`	Required. The signature version 4 service signing name to use in the credential scope when signing requests. This value MUST NOT be empty. This value SHOULD match the `arnNamespace` property of the aws.api#service trait.

$version: "2"

namespace aws.fooBaz

use aws.api#service
use aws.auth#sigv4
use aws.protocols#restJson1

@service(sdkId: "Some Value")
@sigv4(name: "foobaz")
@restJson1
service FooBaz {
    version: "2018-03-17"
}

`aws.auth#unsignedPayload` trait#

Summary: Indicates that the payload of an operation is not to be part of the signature computed for the request of an operation.
Trait selector: operation
Value type: Annotation trait

Most requests sent to AWS services require that the payload of the request is signed. However, in some cases, a service that streams large amounts of data with an unknown size at the time a request is initiated might require that the payload of a request is not signed.

The following example defines an operation that indicates the payload of the operation MUST NOT be used as part of the request signature calculation:

$version: "2"

use aws.auth#unsignedPayload

@unsignedPayload
operation PutThings {
    input: PutThingsInput
    output: PutThingsOutput
}

Unsigned Payloads and signature version 4#

Using an unsigned payload with AWS signature version 4 requires that the literal string UNSIGNED-PAYLOAD is used when constructing a canonical request, and the same value is sent in the x-amz-content-sha256 header when sending an HTTP request.

`aws.auth#cognitoUserPools` trait#