API Gateway Websocket sigv4 ahthentication

It is possible, I connected to WSS endpoints using Sigv4 in two distinct ways: using headers and querystring.

Example of wscat command using headers:

wscat -H "Sec-WebSocket-Version:13" \
-H "Sec-WebSocket-Key:d6Bb3S0ZIibBDRfF460/Hw==" \
-H "Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits" \
-H "Date:20211011T205720Z" \
-H "Authorization:AWS4-HMAC-SHA256 Credential=AKIAS123456789012345/20211011/us-east-1/managedblockchain/aws4_request, SignedHeaders=date;host, Signature=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
-c wss://nd-aaaaaaaaaaaaaaaaaaaaaaaaaa.wss.ethereum.managedblockchain.us-east-1.amazonaws.com

Example of wscat command using querystring:

wscat --connect "wss://nd-aaaaaaaaaaaaaaaaaaaaaaaaaa.wss.ethereum.managedblockchain.us-east-1.amazonaws.com/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS123456789012345%2F20211018%2Fus-east-1%2Fmanagedblockchain%2Faws4_request&X-Amz-Date=20211018T151804Z&X-Amz-Expires=30&X-Amz-SignedHeaders=host&X-Amz-Signature=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

Important: the implementation of WebSocket for web browsers do not accept headers, so you mush go with the query string version.

Code used to output a wscat command with Header auth:

Refer to these very useful examples here: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html