I have an AWS API Gateway that I would like to secure using IAM Roles .
I am looking for a package to help me accessing it using Python. I am trying to avoid implementing the entire Version 4 Signing Process. I am sure there must be some library I can use.
I looked into aws-requests-auth but it requires a "aws_service" to generate the signature. I looked also to boto3 but I am not able to find any way to just add authentication headers to a general request.
To attach an IAM policy to an IAM user For the chosen user, choose the Permissions tab, and then choose Attach Policy. Under Grant permissions, choose Attach existing policies directly. Choose the policy document just created from the displayed list and then choose Next: Review.
To allow an API developer to create and manage an API in API Gateway, you must create IAM permissions policies that allow a specified API developer to create, update, deploy, view, or delete required API entities.
Open the Functions page of the Lambda console. Choose a function. Under Function overview, choose Add trigger. Select API Gateway.
If you want to make a call using the IAM role, you should use BotoAWSRequestsAuth
from aws-requests-auth:
import requests
from aws_requests_auth.boto_utils import BotoAWSRequestsAuth
auth = BotoAWSRequestsAuth(
aws_host="API_ID.execute-api.us-east-1.amazonaws.com",
aws_region="us-east-1",
aws_service="execute-api"
)
response = requests.get("https://API_ID.execute-api.us-east-1.amazonaws.com/STAGE/RESOURCE", auth=auth)
This will use botocore to retrieve a key and secret from the AWS metadata service rather than you needing to pass them yourself.
Thanks to Ka Hou Leong for the suggestion of the aws-requests-auth library.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With