Creating a String to Sign
You can create a string to sign which contains the information of your request and the hash of the canonical request you created in Creating a Canonical Request.
You need to use this string to sign and a signing key you create later on to calculate the signature in Calculating a Signature.
To create the string to sign, you need to concatenate the following elements:
-
The signing algorithm
-
The date and time
-
The credential information
-
The hash of the canonical request
You do not need to do this procedure if you use AWS CLI or an SDK for your API request.
Before you begin: Complete the Creating a Canonical Request procedure. |
-
Specify the signing algorithm following this syntax (where \n is a newline character):
Example of algorithmAWS4-HMAC-SHA256\n
The signing algorithm corresponds to the function you used to calculate the hash of the canonical request. For example, if you used the SHA-256 function, the algorithm is
AWS4-HMAC-SHA256
. -
Add the date of the request following this syntax (where \n is a newline character):
Example of request date20180915T163400Z\n
This date must match the one you specified in Creating a Canonical Request and follow this format: YYYYMMDD’T’HHMMSS’Z'.
-
Add the credential information following this syntax (where \n is a newline character):
Example of credential information20180915/eu-west-2/ec2/aws4_request\n
This string must include the following elements, separated by slash characters (/):
-
the date, in the following format:
YYYYMMDD
-
the Region to which you send the request
-
the service you are requesting
-
a termination string
-
-
Add the hash of the canonical request you created in Creating a Canonical Request.
Example of hash of a canonical request0547bdda2966fc9a3a76269a3193bed373a56072cfa77949936bc2a556016f32
The hashed canonical request must be lowercase base-16 encoded. For more information, see the section 8 of the RFC 4648.
The string to sign is created.
Example of string to signAWS4-HMAC-SHA256 20180915T163400Z 20180915/eu-west-2/ec2/aws4_request 0547bdda2966fc9a3a76269a3193bed373a56072cfa77949936bc2a556016f32
You must use the string to sign to create the signature in Calculating a Signature.
Related Pages
AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.