Creating a String to Sign
You can create a string to sign which contains the information of your request and the hash of the canonical request you created in Creating a Canonical Request.
You need to use this string to sign and a signing key you create later on to calculate the signature in Calculating a Signature.
To create the string to sign, you need to concatenate the following elements:
-
The signing algorithm
-
The date and time
-
The credential information
-
The hash of the canonical request
You do not need to do this procedure if you use OSC CLI, AWS CLI, or an SDK for your API request.
Before you begin: Complete the Creating a Canonical Request procedure. |
-
Specify the signing algorithm following this syntax (where \n is a newline character):
Example of algorithmAWS4-HMAC-SHA256\n
The signing algorithm corresponds to the function you used to calculate the hash of the canonical request. For example, if you used the SHA-256 function, the algorithm is
AWS4-HMAC-SHA256
. -
Add the date of the request following this syntax (where \n is a newline character):
Example of request date20180915T163400Z\n
This date must match the one you specified in Creating a Canonical Request and follow this format: YYYYMMDD’T’HHMMSS’Z'.
-
Add the credential information following this syntax (where \n is a newline character):
Example of credential information20180915/eu-west-2/ec2/aws4_request\n
This string must include the following elements, separated by slash characters (/):
-
the date, in the following format:
YYYYMMDD
-
the Region to which you send the request
-
the service you are requesting
-
a termination string
-
-
Add the hash of the canonical request you created in Creating a Canonical Request.
Example of hash of a canonical request0547bdda2966fc9a3a76269a3193bed373a56072cfa77949936bc2a556016f32
The hashed canonical request must be lowercase base-16 encoded. For more information, see the section 8 of the RFC 4648.
The string to sign is created.
Example of string to signAWS4-HMAC-SHA256 20180915T163400Z 20180915/eu-west-2/ec2/aws4_request 0547bdda2966fc9a3a76269a3193bed373a56072cfa77949936bc2a556016f32
You must use the string to sign to create the signature in Calculating a Signature.
Related Pages
AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.