view release on metacpan or  search on metacpan

lib/AWS/S3/Signer/V4.pm  view on Meta::CPAN

 use AWS::S3::Signer::V4;
 use HTTP::Request::Common;
 use LWP;

 my $signer = AWS::S3::Signer::V4->new(-access_key => 'AKIDEXAMPLE',
                                   -secret_key => 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY');
 my $ua     = LWP::UserAgent->new();

 # Example POST request
 my $request = POST('https://iam.amazonaws.com',
		    [Action=>'ListUsers',
		     Version=>'2010-05-08']);
 $signer->sign($request);
 my $response = $ua->request($request);

 # Example GET request
 my $uri     = URI->new('https://iam.amazonaws.com');
 $uri->query_form(Action=>'ListUsers',
		  Version=>'2010-05-08');

 my $url = $signer->signed_url($uri); # This gives a signed URL that can be fetched by a browser
 my $response = $ua->get($url);

=head1 DESCRIPTION

This module implement's Amazon Web Service's Signature version 4
(http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).

=head1 METHODS

=over 4

=item $signer = AWS::S3::Signer::V4->new(-access_key => $account_id,-secret_key => $private_key);

Create a signing object using your AWS account ID and secret key. You
may also use the temporary security tokens received from Amazon's STS
service, either by passing the access and secret keys derived from the
token, or by passing a VM::EC2::Security::Token produced by the
VM::EC2 module.

Arguments:

 Argument name       Argument Value
 -------------       --------------
 -access_key         An AWS access key (account ID)

 -secret_key         An AWS secret key

 -security_token     A VM::EC2::Security::Token object

 -service            An AWS service

 -region             An AWS region


If a security token is provided, it overrides any values given for
-access_key or -secret_key.

If the environment variables EC2_ACCESS_KEY and/or EC2_SECRET_KEY are
set, their contents are used as defaults for -access_key and
-secret_key.

If -service and/or -region is not provided, they are automtically determined
according to endpoint.

=cut

sub new {
    my $self = shift;
    my %args = @_;

    my ( $id, $secret, $token, $region, $service );
    if ( ref $args{-security_token}
        && $args{-security_token}->can('access_key_id') )
    {
        $id     = $args{-security_token}->accessKeyId;
        $secret = $args{-security_token}->secretAccessKey;
    }

    $id ||= $args{-access_key} || $ENV{EC2_ACCESS_KEY}
      or croak
"Please provide -access_key parameter or define environment variable EC2_ACCESS_KEY";
    $secret ||= $args{-secret_key} || $ENV{EC2_SECRET_KEY}
      or croak
"Please provide -secret_key or define environment variable EC2_SECRET_KEY";
    $region  = $args{-region}  || $ENV{EC2_REGION};
    $service = $args{-service} || $ENV{EC2_SERVICE};

    return bless {
        access_key => $id,
        secret_key => $secret,
        region     => $region,
        region     => $args{-region},
        service    => $args{-service},
        (
            defined( $args{-security_token} )
            ? ( security_token => $args{-security_token} )
            : ()
        ),
      },
      ref $self || $self;
}

sub access_key { shift->{access_key} }
sub secret_key { shift->{secret_key} }

=item $signer->sign($request [,$region] [,$payload_sha256_hex])

Given an HTTP::Request object, add the headers required by AWS and
then sign it with a version 4 signature by adding an "Authorization"
header.

The request must include a URL from which the AWS endpoint and service
can be derived, such as "ec2.us-east-1.amazonaws.com." In some cases
(e.g. S3 bucket operations) the endpoint does not indicate the
region. In this case, the region can be forced by passing a defined
value for $region. The current date and time will be added to the
request using an "X-Amz-Date header." To force the date and time to a
fixed value, include the "Date" header in the request.