aws_sign_proxy

v0.1.4

This package is not in the latest version of its module.
Published: Feb 10, 2018 License: MIT Imports: 11 Imported by: 0

README

AWS v4 Signing Proxy

Proxy to sign requests with AWS V4 Signatures. This project exists because I got fed up with trying to sign requests using Java.

Is this a fantastic idea? No. Does it get the job done? Yes.

Configuration

Configuration is performed via environment variables:

  • AWS_SIGN_PROXY_BIND: the address to bind to for accepting requests, which are then signed and proxied to another service. Default is :8080.
  • AWS_SIGN_PROXY_TARGETPROTO: the protocol to use when proxying the request to the other service. Default is https.
  • AWS_SIGN_PROXY_TARGETHOST: hostname for the service which requires AWS v4 signed requests.
  • AWS_SIGN_PROXY_PROVIDER: provider for the target service.
  • AWS_SIGN_PROXY_REGION: region for the target service. This will default to AWS_DEFAULT_REGION if not explicitly set.
  • AWS_SIGN_PROXY_BLOCKHEADERS: a list of header names that should be removed from the proxied request.
  • AWS_SIGN_PROXY_EXTRAHEADERS: a map of additional headers that should be added to the proxied request.
  • AWS_SIGN_PROXY_HEALTHZENDPOINT: relative URL to use for simple health checking. Default is /_healthz. Change this if it somehow collides with the upstream service.
  • AWS_SIGN_PROXY_METRICSENDPOINT: relative URL to use for Prometheus metrics. Default is /_metrics. Change this if it somehow collides with the upstream service.

It is expected that you have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for the target service already set in your environment as well.

Usage

To issue a request to a backing service foo.bar.com using the baz provider in the us-east-1 region:

$ export AWS_SIGN_PROXY_TARGETHOST=foo.bar.com
$ export AWS_SIGN_PROXY_PROVIDER=baz
$ export AWS_SIGN_PROXY_REGION=us-east-1
$ aws-sign-proxy

Now you may issue requests to the backing service by sending your plain requests to http://localhost:8080/ instead:

$ curl http://localhost:8080/some/service/endpoint -H 'X-Api-Key: blablabla'

Such a request would result in a signed request to

https://foo.bar.com/some/service/endpoint

along with the X-Api-Key header (and any others specified on the plain request).
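The rewrite described above, as an added example that is not the project's own code: it builds the outbound request (target protocol and host, blocked headers dropped, extra headers added) that a signer would then sign, so the header set is final before the signature is computed. The type proxyConfig and the functions isBlocked and buildOutbound are hypothetical names; case-insensitive block matching and extra headers replacing client-supplied values are assumptions, and the signing step itself is left out.

```go
package main

import (
	"fmt"
	"net/http"
)

// proxyConfig is a hypothetical stand-in for the subset of Config used here.
type proxyConfig struct {
	TargetProto, TargetHost string
	BlockHeaders            []string
	ExtraHeaders            map[string]string
}

// isBlocked compares canonical header names, so "authorization" blocks "Authorization".
func isBlocked(cfg proxyConfig, name string) bool {
	for _, b := range cfg.BlockHeaders {
		if http.CanonicalHeaderKey(b) == http.CanonicalHeaderKey(name) {
			return true
		}
	}
	return false
}

// buildOutbound keeps method, path and query; swaps scheme and host; filters headers.
func buildOutbound(cfg proxyConfig, in *http.Request) (*http.Request, error) {
	target := fmt.Sprintf("%s://%s%s", cfg.TargetProto, cfg.TargetHost, in.URL.RequestURI())
	out, err := http.NewRequest(in.Method, target, in.Body)
	if err != nil {
		return nil, err
	}
	for name, values := range in.Header {
		if !isBlocked(cfg, name) { // copy every value of a repeated header
			out.Header[http.CanonicalHeaderKey(name)] = append([]string(nil), values...)
		}
	}
	for name, v := range cfg.ExtraHeaders {
		out.Header.Set(name, v) // assumption: operator-configured value wins over the client's
	}
	return out, nil
}

func main() {
	// Constructed sample input mirroring the Usage section.
	cfg := proxyConfig{TargetProto: "https", TargetHost: "foo.bar.com", BlockHeaders: []string{"authorization"}}
	in, _ := http.NewRequest("GET", "http://localhost:8080/some/service/endpoint", nil)
	in.Header.Set("X-Api-Key", "blablabla")
	in.Header.Set("Authorization", "Bearer constructed")
	out, _ := buildOutbound(cfg, in)
	fmt.Println(out.URL, out.Header)
}
```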

Documentation

Types

type Config

type Config struct {
	Bind         string `default:":8080"`
	ExtraHeaders map[string]string
	BlockHeaders []string
	TargetProto  string `default:"https"`
	TargetHost   string
	Region       string
	Provider     string

	HealthzEndpoint string `default:"/_healthz"`
	MetricsEndpoint string `default:"/_metrics"`
}

type RequestSigner added in v0.1.2

type RequestSigner struct {
	// contains filtered or unexported fields
}

func NewRequestSigner added in v0.1.2

func NewRequestSigner(log *zap.Logger, config Config, signer *v4.Signer) *RequestSigner

func (*RequestSigner) CopyOutboundHeaders added in v0.1.2

func (rs *RequestSigner) CopyOutboundHeaders(from, to *http.Request)

func (*RequestSigner) IsBlockedHeader added in v0.1.2

func (rs *RequestSigner) IsBlockedHeader(name string) bool

func (*RequestSigner) Proxy added in v0.1.2

func (rs *RequestSigner) Proxy(w http.ResponseWriter, r *http.Request)

Directories

Path Synopsis
cmd
