By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Lambda@Edge SigV4Asymmetric signing issue in Typescript for S3 Multi Region Access point MRAP

0

Hi,

I had asked this question through support with case id 12004513771 however they were not able to assist with a custom code issue.

I was trying replicate in Typescript the S3 MRAP signing based on the article https://aws.amazon.com/blogs/storage/building-an-active-active-latency-based-application-across-multiple-regions/

The specific issue I am having with is the AWS SDK for node ‘aws-crt’ 1.15.9 and nodejs16.x:

import { auth } from 'aws-crt';

import { HttpHeaders, HttpRequest } from "aws-crt/dist/native/http";

.....

const httpRequest = new HttpRequest(method, endpoint, headers);

const signedHttpRequest: HttpRequest = await auth.aws_sign_request(httpRequest, config);

However the issue I have is that both calls above return an empty object {}

Typescript code:

Signing function:

async function sigV4ASignBasic(method: string, endpoint: string, headers: HttpHeaders, service: string): Promise<HttpHeaders> { const httpRequest = new HttpRequest(method, endpoint, headers); console.log('httpRequest: ' + JSON.stringify(httpRequest))

const config: AwsSigningConfig = {
    service: service,
    region: "*",
    algorithm: auth.AwsSigningAlgorithm.SigV4Asymmetric,
    signature_type: auth.AwsSignatureType.HttpRequestViaHeaders,
    signed_body_header: auth.AwsSignedBodyHeaderType.XAmzContentSha256,
    provider: auth.AwsCredentialsProvider.newDefault()
};
console.log('config: ' + JSON.stringify(config))

const signedHttpRequest: HttpRequest = await auth.aws_sign_request(httpRequest, config);
console.log('signedHttpRequest: ' + JSON.stringify(signedHttpRequest))
return signedHttpRequest.headers;

}

Called from:

    console.log('method: %s, endpoint: %s, cfReadOnlyHeaders with X-Amz-Cf-Id: %s, service: %s', method, endpoint, JSON.stringify(cfReadOnlyHeaders), service)
    //  # Sign the request with Signature Version 4A (SigV4A).
    const authHeaders: HttpHeaders = await sigV4ASignBasic(method, endpoint, cfReadOnlyHeaders, service)

Above log:

2023-02-14T10:58:06.610Z 4b78c29a-a348-4415-bf7b-533bb4cc0734 INFO method: GET, endpoint: https://xxxxxxxxxxxx.mrap.accesspoint.s3-global.amazonaws.com/favicon.ico, cfReadOnlyHeaders with X-Amz-Cf-Id: { "X-Amz-Cf-Id": "LTMHFCMnnmxohWwJpJHoUNfWR0_gZtk_9InF14ToRrKjpWtjwDiPlA==" } , service: s3

King Regards

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
rePost-User-4594628
asked a year ago245 views
1 Answer
0
Accepted Answer

Hello,

Greetings of the day!! Thank you for contacting AWS.

I have gone through the support case which was mentioned.

I see that an empty object is returned when 'new HttpRequest(method, endpoint, headers)' or 'await auth.aws_sign_request(httpRequest, config);' is called.

Kindly note that since the issue lies where the code for the sigV4a signing comes from, I request that you reach out to github for more information on how to circumvent this issue.

Rohit
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content