Skip to content

AWS: Support sigv4 credential injection for the MITM proxy #1189

Description

@intentionally-left-nil

When aws_auth is present, if there is a connection to the upstream route, strip any existing aws auth headers and apply the correct sigv4 headers from the aws profile outside the sandbox.

From within the sandbox, AWS SDK's already respect HTTP_PROXY, so this is as simple as wiring up a fake AWS_ACCESS_KEY (and secret), so the sandbox makes a request..

Note that STREAMING-AWS4-HMAC-SHA256-PAYLOAD (aka chunked requests) are explicitly out of scope for this PR. It's a significant more amount of work, and requires making the proxy in general streamable, rather than capturing the entire body

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions