AuthAws Python Reference Documentation
AuthAws
Current Version: 11.5.0
Chilkat.AuthAws
Provide AWS signing settings to
Sign requests using AWS Signature Version 4, including service, region,
credentials, headers, and request payload details.
Use access keys and secret keys directly, or use secret specifiers when
credentials should be resolved from a secure credential source.
Configure the AWS region and service name so signatures are generated
for the correct AWS endpoint.
Include session tokens when signing requests with temporary AWS
credentials from STS, IAM roles, or similar credential flows.
Generate temporary Signature V4 pre-signed URLs when a client needs
limited-time access without sending AWS credentials.
For an extended overview, see
AuthAws Class Overview.
Configure AWS request signing for REST calls and temporary pre-signed URLs.
Chilkat.AuthAws holds the AWS authentication settings used by
Chilkat.Rest when sending signed AWS requests. It supports AWS
Signature Version 4 by default, can optionally use the older Signature
Version 2 where applicable, accepts direct credential values or secure secret
specifiers, and can generate temporary Signature V4 pre-signed URLs for AWS
services.
REST authentication object
Chilkat.Rest so outgoing
requests are authenticated according to AWS requirements.
Signature Version 4
Credentials and secrets
Region and service targeting
Temporary credentials
Pre-signed URLs
AuthAws object with the AWS access key,
secret key or secret specifier, region, service name, and optional session
token, then pass it to Chilkat.Rest before sending the request.
Use AuthAws for AWS request signing; use service-specific
Chilkat classes or Chilkat.Http/Chilkat.Rest for
constructing and sending the actual API request.
Object Creation
obj = chilkat2.AuthAws()
Properties
AccessKey
The AWS access key.
topCanonicalizedResourceV2
If AWS Signature Version V2 is used, then this property must be set. The rules for setting the canonicalized resource for the V2 signature method is described here: Constructing the CanonicalizedResource Element.
DebugLogFilePath
If set to a file path, this property logs the LastErrorText of each Chilkat method or property call to the specified file. This logging helps identify the context and history of Chilkat calls leading up to any crash or hang, aiding in debugging.
Enabling the VerboseLogging property provides more detailed information. This property is mainly used for debugging rare instances where a Chilkat method call causes a hang or crash, which should generally not happen.
Possible causes of hangs include:
- A timeout property set to 0, indicating an infinite timeout.
- A hang occurring within an event callback in the application code.
- An internal bug in the Chilkat code causing the hang.
EnableSecrets
If True a secret specifier of the format "!!part1|part2|.." can be provided instead of the actual value for the AccessKey and SecretKey properties.
The default value is False.
LastErrorHtml
Provides HTML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastErrorText
Provides plain text information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
LastErrorXml
Provides XML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastMethodSuccess
Indicates the success or failure of the most recent method call: True means success, False means failure. This property remains unchanged by property setters or getters. This method is present to address challenges in checking for null or Nothing returns in certain programming languages. Note: This property does not apply to methods that return integer values or to boolean-returning methods where the boolean does not indicate success or failure.
PrecomputedMd5
This property can optionally be set for AWS requests that have a non-empty request body. This should be the base64 encoding of the 16 bytes of the MD5 hash. The most common need for this is if doing an S3 upload from a stream. (If the pre-computed MD5 is not provided, then Chilkat is forced to stream the entire file into memory so that it can calculate the MD5 for authentication.)
Note: AWS Signature Version 2 uses the MD5, whereas Signature Version 4 uses SHA256.
topPrecomputedSha256
This property can optionally be set for AWS requests that have a non-empty request body. This should be the lowercase hex encoding of the 32-bytes of the SHA256 hash. The most common need for this is if doing an S3 upload from a stream. (If the pre-computed SHA-256 is not provided, then Chilkat is forced to stream the entire file into memory so that it can calculate the SHA-256 for authentication.)
Note: AWS Signature Version 4 uses the SHA256 hash. (AWS Signature Version 2 uses MD5)
Region
The AWS region, such as us-east-1, us-west-2, eu-west-1, eu-central-1, etc. The default is us-east-1. It is only used when the SignatureVersion property is set to 4. This property is unused when the SignatureVersion property is set to 2.
SecretKey
The AWS secret key.
topServiceName
The AWS service namespace, such as s3, ses, etc. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
This property is unused when the SignatureVersion property is set to 2.
topSignatureVersion
The AWS Signature Version to be used in authentication. The default value is 4. This can optionally be set to the value 2 to use the older V2 signature version.
topVerboseLogging
If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.
Version
Methods
GenPresignedUrl
Generates a temporary pre-signed URL for an Amazon AWS service using AWS Signature V4. Requires that the SecretKey, AccessKey, and Region properties be set to valid values prior to calling this method.
The URL that is generated has this format:
https://<domain>/<path> ?X-Amz-Algorithm=AWS4-HMAC-SHA256 &X-Amz-Credential=<AccessKey>/<currentDate>/<Region>/<awsService>/aws4_request &X-Amz-Date=<currentDateTime> &X-Amz-Expires=<numSecondsValid> &X-Amz-SignedHeaders=host &X-Amz-Signature=<signature-value>
The httpVerb is the HTTP verb such as GET, PUT, POST, DELETE, etc. The awsService is a string naming the AWS service, such as s3, execute-api, etc. If useHttps is True, then the returned URL begins with https://, otherwise it begins with http://.
Note: It is generally not feasible to use pre-signed URLs for POST operations for any AWS service except for S3. See AWS Pre-Signed URLs for POST Operations (non-S3)
Returns None on failure