This library is based on the work of Alan Grosskurth at https://github.com/grosskur/lua-resty-aws. It is basically forked from his repository and we change the HMAC library used.
This library implements request signing using the AWS Signature Version 4 specification. This signature scheme is used by nearly all AWS services.
This library uses standard AWS environment variables as credentials to generate AWS Signature Version 4.
export AWS_ACCESS_KEY_ID=AKIDEXAMPLE
export AWS_SECRET_ACCESS_KEY=AKIDEXAMPLE
To be accessible in your nginx configuration, these variables should be
declared in nginx.conf
file.
#user nobody;
worker_processes 1;
error_log /dev/fd/1 debug;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
env AWS_ACCESS_KEY_ID;
env AWS_SECRET_ACCESS_KEY;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
You can then use the library to add AWS Signature headers and proxy_pass
to a
given S3 bucket.
set $bucket 'example';
set $s3_host $bucket.s3-eu-west-1.amazonaws.com;
location / {
access_by_lua_block {
require("resty.aws-signature").s3_set_headers(ngx.var.s3_host, ngx.var.uri)
}
proxy_pass https://$s3_host;
}
Note: you have to set either s3-<region>
or s3
as subdomain of
amazonaws.com
depending on your need. s3
will use us-east-1
region.
Check CONTRIBUTING.md for more information.
Copyright 2018 JobTeaser
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.