aws4-react-native

NOTE: This package is a fork of https://github.com/mhart/aws4, modified to work with React Native apps. The core Node JS module querystring has been replaced by querystring-browser, and crypto has been replaced by a standalone javascript file crypto.js generated using browserify. There are no other code changes.

What follows is the a slighly modified README from aws4.

---

A small utility to sign React Native HTTP(S) requests using Amazon's AWS Signature Version 4.

This signature is supported by nearly all Amazon services, including S3, EC2, DynamoDB, Kinesis, Lambda, SQS, SNS, IAM, STS, RDS, CloudWatch, CloudWatch Logs, CodeDeploy, CloudFront, CloudTrail, ElastiCache, EMR, Glacier, CloudSearch, Elastic Load Balancing, Elastic Transcoder, CloudFormation, Elastic Beanstalk, Storage Gateway, Data Pipeline, Direct Connect, Redshift, OpsWorks, SES, SWF, AutoScaling, Mobile Analytics, Cognito Identity, Cognito Sync, Container Service, AppStream, Key Management Service, Config, CloudHSM, Route53 and Route53 Domains.

Indeed, the only AWS services that don't support v4 as of 2014-12-30 are Import/Export and SimpleDB (they only support AWS Signature Version 2).

It also provides defaults for a number of core AWS headers and request parameters, making it very easy to query AWS services, or build out a fully-featured AWS library.

Example

1var aws4  = require('aws4-react-native')
2
3// given an options object you could pass to http.request
4var opts = {host: 'sqs.us-east-1.amazonaws.com', path: '/?Action=ListQueues'}
5
6// alternatively (as aws4 can infer the host):
7opts = {service: 'sqs', region: 'us-east-1', path: '/?Action=ListQueues'}
8
9// alternatively (as us-east-1 is default):
10opts = {service: 'sqs', path: '/?Action=ListQueues'}
11
12aws4.sign(opts) // assumes AWS credentials are available in process.env
13
14console.log(opts)
15/*
16{
17  host: 'sqs.us-east-1.amazonaws.com',
18  path: '/?Action=ListQueues',
19  headers: {
20    Host: 'sqs.us-east-1.amazonaws.com',
21    'X-Amz-Date': '20121226T061030Z',
22    Authorization: 'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/sqs/aws4_request, ...'
23  }
24}
25*/
26
27// we can now use this to query AWS using the standard React Native API
28var url = "https://" + signedOptions.host + signedOptions.path;
29fetch(url, signedOptions)
30  .then(body => body.json())
31  .then(json => console.log(json));
32// The above code is equivalent to the following Node JS request:
33// http.request(opts, function(res) { res.pipe(process.stdout) }).end()
34/*
35<?xml version="1.0"?>
36<ListQueuesResponse xmlns="http://queue.amazonaws.com/doc/2012-11-05/">
37...
38*/

More options

1// you can also pass AWS credentials in explicitly (otherwise taken from process.env)
2aws4.sign(opts, {accessKeyId: '', secretAccessKey: ''})
3
4// can also add the signature to query strings
5aws4.sign({service: 's3', path: '/my-bucket?X-Amz-Expires=12345', signQuery: true})
6
7// create a utility function to print the output to console
8function request(signedOptions) { 
9  var url = "https://" + (signedOptions.host || signedOptions.hostname) + signedOptions.path;
10  fetch(url, signedOptions)
11    .then(body => body.json())
12    .then(json => console.log(json));
13}
14
15// aws4 can infer the HTTP method if a body is passed in
16// method will be POST and Content-Type: 'application/x-www-form-urlencoded; charset=utf-8'
17request(aws4.sign({service: 'iam', body: 'Action=ListGroups&Version=2010-05-08'}))
18/*
19<ListGroupsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
20...
21*/
22
23// can specify any custom option or header as per usual
24request(aws4.sign({
25  service: 'dynamodb',
26  region: 'ap-southeast-2',
27  method: 'POST',
28  path: '/',
29  headers: {
30    'Content-Type': 'application/x-amz-json-1.0',
31    'X-Amz-Target': 'DynamoDB_20120810.ListTables'
32  },
33  body: '{}'
34}))
35/*
36{"TableNames":[]}
37...
38*/
39
40// works with all other services that support Signature Version 4
41
42request(aws4.sign({service: 's3', path: '/', signQuery: true}))
43/*
44<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
45...
46*/
47
48request(aws4.sign({service: 'ec2', path: '/?Action=DescribeRegions&Version=2014-06-15'}))
49/*
50<DescribeRegionsResponse xmlns="http://ec2.amazonaws.com/doc/2014-06-15/">
51...
52*/
53
54request(aws4.sign({service: 'sns', path: '/?Action=ListTopics&Version=2010-03-31'}))
55/*
56<ListTopicsResponse xmlns="http://sns.amazonaws.com/doc/2010-03-31/">
57...
58*/
59
60request(aws4.sign({service: 'sts', path: '/?Action=GetSessionToken&Version=2011-06-15'}))
61/*
62<GetSessionTokenResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
63...
64*/
65
66request(aws4.sign({service: 'cloudsearch', path: '/?Action=ListDomainNames&Version=2013-01-01'}))
67/*
68<ListDomainNamesResponse xmlns="http://cloudsearch.amazonaws.com/doc/2013-01-01/">
69...
70*/
71
72request(aws4.sign({service: 'ses', path: '/?Action=ListIdentities&Version=2010-12-01'}))
73/*
74<ListIdentitiesResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
75...
76*/
77
78request(aws4.sign({service: 'autoscaling', path: '/?Action=DescribeAutoScalingInstances&Version=2011-01-01'}))
79/*
80<DescribeAutoScalingInstancesResponse xmlns="http://autoscaling.amazonaws.com/doc/2011-01-01/">
81...
82*/
83
84request(aws4.sign({service: 'elasticloadbalancing', path: '/?Action=DescribeLoadBalancers&Version=2012-06-01'}))
85/*
86<DescribeLoadBalancersResponse xmlns="http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/">
87...
88*/
89
90request(aws4.sign({service: 'cloudformation', path: '/?Action=ListStacks&Version=2010-05-15'}))
91/*
92<ListStacksResponse xmlns="http://cloudformation.amazonaws.com/doc/2010-05-15/">
93...
94*/
95
96request(aws4.sign({service: 'elasticbeanstalk', path: '/?Action=ListAvailableSolutionStacks&Version=2010-12-01'}))
97/*
98<ListAvailableSolutionStacksResponse xmlns="http://elasticbeanstalk.amazonaws.com/docs/2010-12-01/">
99...
100*/
101
102request(aws4.sign({service: 'rds', path: '/?Action=DescribeDBInstances&Version=2012-09-17'}))
103/*
104<DescribeDBInstancesResponse xmlns="http://rds.amazonaws.com/doc/2012-09-17/">
105...
106*/
107
108request(aws4.sign({service: 'monitoring', path: '/?Action=ListMetrics&Version=2010-08-01'}))
109/*
110<ListMetricsResponse xmlns="http://monitoring.amazonaws.com/doc/2010-08-01/">
111...
112*/
113
114request(aws4.sign({service: 'redshift', path: '/?Action=DescribeClusters&Version=2012-12-01'}))
115/*
116<DescribeClustersResponse xmlns="http://redshift.amazonaws.com/doc/2012-12-01/">
117...
118*/
119
120request(aws4.sign({service: 'cloudfront', path: '/2014-05-31/distribution'}))
121/*
122<DistributionList xmlns="http://cloudfront.amazonaws.com/doc/2014-05-31/">
123...
124*/
125
126request(aws4.sign({service: 'elasticache', path: '/?Action=DescribeCacheClusters&Version=2014-07-15'}))
127/*
128<DescribeCacheClustersResponse xmlns="http://elasticache.amazonaws.com/doc/2014-07-15/">
129...
130*/
131
132request(aws4.sign({service: 'elasticmapreduce', path: '/?Action=DescribeJobFlows&Version=2009-03-31'}))
133/*
134<DescribeJobFlowsResponse xmlns="http://elasticmapreduce.amazonaws.com/doc/2009-03-31">
135...
136*/
137
138request(aws4.sign({service: 'route53', path: '/2013-04-01/hostedzone'}))
139/*
140<ListHostedZonesResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/">
141...
142*/
143
144request(aws4.sign({service: 'appstream', path: '/applications'}))
145/*
146{"_links":{"curie":[{"href":"http://docs.aws.amazon.com/appstream/latest/...
147...
148*/
149
150request(aws4.sign({service: 'cognito-sync', path: '/identitypools'}))
151/*
152{"Count":0,"IdentityPoolUsages":[],"MaxResults":16,"NextToken":null}
153...
154*/
155
156request(aws4.sign({service: 'elastictranscoder', path: '/2012-09-25/pipelines'}))
157/*
158{"NextPageToken":null,"Pipelines":[]}
159...
160*/
161
162request(aws4.sign({service: 'lambda', path: '/2014-11-13/functions/'}))
163/*
164{"Functions":[],"NextMarker":null}
165...
166*/
167
168request(aws4.sign({service: 'ecs', path: '/?Action=ListClusters&Version=2014-11-13'}))
169/*
170<ListClustersResponse xmlns="http://ecs.amazonaws.com/doc/2014-11-13/">
171...
172*/
173
174request(aws4.sign({service: 'glacier', path: '/-/vaults', headers: {'X-Amz-Glacier-Version': '2012-06-01'}}))
175/*
176{"Marker":null,"VaultList":[]}
177...
178*/
179
180request(aws4.sign({service: 'storagegateway', body: '{}', headers: {
181  'Content-Type': 'application/x-amz-json-1.1',
182  'X-Amz-Target': 'StorageGateway_20120630.ListGateways'
183}}))
184/*
185{"Gateways":[]}
186...
187*/
188
189request(aws4.sign({service: 'datapipeline', body: '{}', headers: {
190  'Content-Type': 'application/x-amz-json-1.1',
191  'X-Amz-Target': 'DataPipeline.ListPipelines'
192}}))
193/*
194{"hasMoreResults":false,"pipelineIdList":[]}
195...
196*/
197
198request(aws4.sign({service: 'opsworks', body: '{}', headers: {
199  'Content-Type': 'application/x-amz-json-1.1',
200  'X-Amz-Target': 'OpsWorks_20130218.DescribeStacks'
201}}))
202/*
203{"Stacks":[]}
204...
205*/
206
207request(aws4.sign({service: 'route53domains', body: '{}', headers: {
208  'Content-Type': 'application/x-amz-json-1.1',
209  'X-Amz-Target': 'Route53Domains_v20140515.ListDomains'
210}}))
211/*
212{"Domains":[]}
213...
214*/
215
216request(aws4.sign({service: 'kinesis', body: '{}', headers: {
217  'Content-Type': 'application/x-amz-json-1.1',
218  'X-Amz-Target': 'Kinesis_20131202.ListStreams'
219}}))
220/*
221{"HasMoreStreams":false,"StreamNames":[]}
222...
223*/
224
225request(aws4.sign({service: 'cloudtrail', body: '{}', headers: {
226  'Content-Type': 'application/x-amz-json-1.1',
227  'X-Amz-Target': 'CloudTrail_20131101.DescribeTrails'
228}}))
229/*
230{"trailList":[]}
231...
232*/
233
234request(aws4.sign({service: 'logs', body: '{}', headers: {
235  'Content-Type': 'application/x-amz-json-1.1',
236  'X-Amz-Target': 'Logs_20140328.DescribeLogGroups'
237}}))
238/*
239{"logGroups":[]}
240...
241*/
242
243request(aws4.sign({service: 'codedeploy', body: '{}', headers: {
244  'Content-Type': 'application/x-amz-json-1.1',
245  'X-Amz-Target': 'CodeDeploy_20141006.ListApplications'
246}}))
247/*
248{"applications":[]}
249...
250*/
251
252request(aws4.sign({service: 'directconnect', body: '{}', headers: {
253  'Content-Type': 'application/x-amz-json-1.1',
254  'X-Amz-Target': 'OvertureService.DescribeConnections'
255}}))
256/*
257{"connections":[]}
258...
259*/
260
261request(aws4.sign({service: 'kms', body: '{}', headers: {
262  'Content-Type': 'application/x-amz-json-1.1',
263  'X-Amz-Target': 'TrentService.ListKeys'
264}}))
265/*
266{"Keys":[],"Truncated":false}
267...
268*/
269
270request(aws4.sign({service: 'config', body: '{}', headers: {
271  'Content-Type': 'application/x-amz-json-1.1',
272  'X-Amz-Target': 'StarlingDoveService.DescribeDeliveryChannels'
273}}))
274/*
275{"DeliveryChannels":[]}
276...
277*/
278
279request(aws4.sign({service: 'cloudhsm', body: '{}', headers: {
280  'Content-Type': 'application/x-amz-json-1.1',
281  'X-Amz-Target': 'CloudHsmFrontendService.ListAvailableZones'
282}}))
283/*
284{"AZList":["us-east-1a","us-east-1b","us-east-1c"]}
285...
286*/
287
288request(aws4.sign({
289  service: 'swf',
290  body: '{"registrationStatus":"REGISTERED"}',
291  headers: {
292    'Content-Type': 'application/x-amz-json-1.0',
293    'X-Amz-Target': 'SimpleWorkflowService.ListDomains'
294  }
295}))
296/*
297{"domainInfos":[]}
298...
299*/
300
301request(aws4.sign({
302  service: 'cognito-identity',
303  body: '{"MaxResults": 1}',
304  headers: {
305    'Content-Type': 'application/x-amz-json-1.1',
306    'X-Amz-Target': 'AWSCognitoIdentityService.ListIdentityPools'
307  }
308}))
309/*
310{"IdentityPools":[]}
311...
312*/
313
314request(aws4.sign({
315  service: 'mobileanalytics',
316  path: '/2014-06-05/events',
317  body: JSON.stringify({events:[{
318    eventType: 'a',
319    timestamp: new Date().toISOString(),
320    session: {},
321  }]}),
322  headers: {
323    'Content-Type': 'application/json',
324    'X-Amz-Client-Context': JSON.stringify({
325      client: {client_id: 'a', app_title: 'a'},
326      custom: {},
327      env: {platform: 'a'},
328      services: {},
329    }),
330  }
331}))
332/*
333(HTTP 202, empty response)
334*/
335
336// Generate CodeCommit Git access password
337var signer = new aws4.RequestSigner({
338  service: 'codecommit',
339  host: 'git-codecommit.us-east-1.amazonaws.com',
340  method: 'GIT',
341  path: '/v1/repos/MyAwesomeRepo',
342})
343var password = signer.getDateTime() + 'Z' + signer.signature()

API

aws4.sign(requestOptions, [credentials])

This calculates and populates the Authorization header of requestOptions, and any other necessary AWS headers and/or request options. Returns requestOptions as a convenience for chaining.

requestOptions is an object holding the same options that the node.js http.request function takes.

The following properties of requestOptions are used in the signing or populated if they don't already exist:

• hostname or host (will be determined from service and region if not given)
• method (will use 'GET' if not given or 'POST' if there is a body)
• path (will use '/' if not given)
• body (will use '' if not given)
• service (will be calculated from hostname or host if not given)
• region (will be calculated from hostname or host or use 'us-east-1' if not given)
• headers['Host'] (will use hostname or host or be calculated if not given)
• headers['Content-Type'] (will use 'application/x-www-form-urlencoded; charset=utf-8' if not given and there is a body)
• headers['Date'] (used to calculate the signature date if given, otherwise new Date is used)

Your AWS credentials (which can be found in your AWS console) can be specified in one of two ways:

• As the second argument, like this:

1aws4.sign(requestOptions, {
2  secretAccessKey: "<your-secret-access-key>",
3  accessKeyId: "<your-access-key-id>",
4  sessionToken: "<your-session-token>"
5})

• From process.env, such as this:

export AWS_SECRET_ACCESS_KEY="<your-secret-access-key>"
export AWS_ACCESS_KEY_ID="<your-access-key-id>"
export AWS_SESSION_TOKEN="<your-session-token>"

(will also use AWS_ACCESS_KEY and AWS_SECRET_KEY if available)

The sessionToken property and AWS_SESSION_TOKEN environment variable are optional for signing with IAM STS temporary credentials.

Installation

With npm do:

npm install aws4-react-native

Thanks

Thanks to @jed for his dynamo-client lib where I first committed and subsequently extracted this code.

Also thanks to the official node.js AWS SDK for giving me a start on implementing the v4 signature.