aws-sigv4
A dependency-free, test suite-compliant, AWS Signature Version 4 library in ES2017
Example - ES2017 (Node 7.6+)
const sigv4 = require('aws-sigv4'); const signature = await sigv4.sign( secretAccessKey, requestDate.slice(0, 8), 'us-east-1', 'host', stringToSign); console.log(signature);
Example - ES2016 (Node 4, 6, <= 7.5)
const sigv4 = require('aws-sigv4'); sigv4.sign( secretAccessKey, requestDate.slice(0, 8), 'us-east-1', 'host', stringToSign) .then(signature => console.log(signature)); // Or, more specifically for S3: const date = sigv4 .formatDateTime(new Date()) .slice(0, 8);const credential = `${process.env.AWS_ACCESS_KEY_ID}/${date}/${process.env.AWS_REGION}/s3/aws4_request`;const policy = new Buffer( JSON.stringify({ expiration: new Date(Date.now() + 15 * 60000).toISOString(), // 15 minutes from now conditions: [ {bucket: 'my-bucket-name'}, {key: 'my-s3-key.mov'}, {acl: 'private'}, ['starts-with', '$Content-Type', 'video/'], ['content-length-range', 0, 10 * 1024 * 1024], {'x-amz-credential': credential}, {'x-amz-algorithm': 'AWS4-HMAC-SHA256'}, {'x-amz-date': date + 'T000000Z'} ] })) .toString('base64'); sigv4.sign( process.env.AWS_SECRET_ACCESS_KEY, date, process.env.AWS_REGION, 's3', policy) .then(signature => console.log(sigature));
See Authenticating Requests in Browser-Based Uploads Using POST (AWS Signature Version 4) as the primary use case.