This is a simple program that can proxy any AWS SigV4 request, re-sign it with specified credentials, and send it to the originally intended service.
How is this different from https://github.com/awslabs/aws-sigv4-proxy?
The aws-sigv4-proxy library requires that the entire request body be read and loaded into memory.
This is due to a limitation in the AWS Go SDK v1. This package instead uses the v2 SDK and can
therefore detect whether the body needs to be read entirely or not. This is particularly useful
when sending large objects to S3.
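As an added illustration (not code from this repository): one way a re-signing proxy can decide whether a body must be buffered is to inspect the `X-Amz-Content-Sha256` header that S3 clients send. The helper name `payloadHash` and the sample request are constructed for this example; how aws-proxy itself makes the decision is not shown on this page.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// payloadHash returns the SigV4 payload-hash value to use when re-signing r
// and reports whether the body had to be buffered in memory to obtain it.
// Hypothetical helper written for this example; not the project's code.
func payloadHash(r *http.Request) (hash string, buffered bool, err error) {
	h := r.Header.Get("X-Amz-Content-Sha256")
	switch {
	case h == "UNSIGNED-PAYLOAD":
		return h, false, nil // body is not covered by the signature; stream it
	case len(h) == 64 && isHex(h):
		return h, false, nil // client already hashed the body; reuse and stream
	case strings.HasPrefix(h, "STREAMING-"):
		// Signed chunks are bound to the original signing key; no pass-through.
		return "", false, fmt.Errorf("payload mode %q not handled in this example", h)
	}
	// No usable header: read the whole body to hash it, then restore it.
	var body []byte
	if r.Body != nil {
		if body, err = io.ReadAll(r.Body); err != nil {
			return "", false, err
		}
	}
	r.Body = io.NopCloser(bytes.NewReader(body))
	sum := sha256.Sum256(body)
	return hex.EncodeToString(sum[:]), true, nil
}

func isHex(s string) bool {
	_, err := hex.DecodeString(s)
	return err == nil
}

func main() {
	r, _ := http.NewRequest("PUT", "http://localhost:8080/bucket/key.txt", strings.NewReader("hello"))
	r.Header.Set("X-Amz-Content-Sha256", "UNSIGNED-PAYLOAD")
	fmt.Println(payloadHash(r))
}
```

When a hex hash is reused, S3 checks the uploaded body against it, so a body that does not match is rejected upstream.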
First, clone the repository. Then...
Build:
go build .
Run:
aws-proxy [-port <port>] [-verbose] [-aws-partition <partition>]
- -port: specifies the port to run the proxy server on
- -verbose: will add more verbose logging
- -aws-partition: aws partition to use
Credentials are picked up from the environment, following the standard AWS credential provider chain.
Now you can point your SDK at the locally running server to have requests re-signed. Example with the AWS CLI:
aws --profile unauthorized-profile s3 cp \
--endpoint-url http://localhost:8080 \
/tmp/some/local/file.txt \
s3://bucket/key.txt
Build the image:
docker build . -t aws-proxy
Run the image:
docker run \
-p 8080:8080 \
-v ~/.aws:/root/.aws \
aws-proxy -port 8080
- Only works for AWS requests sent over HTTPS. The original request must be signed with SigV4 auth
- Uses both aws golang sdk v2 and v1 because of limitations around retrieving service endpoints in v2
- Improve logging framework
- Ensure the proxy sub-module can be used on its own