When aws_auth is present, if there is a connection to the upstream route, strip any existing aws auth headers and apply the correct sigv4 headers from the aws profile outside the sandbox.
From within the sandbox, AWS SDK's already respect HTTP_PROXY, so this is as simple as wiring up a fake AWS_ACCESS_KEY (and secret), so the sandbox makes a request..
Note that STREAMING-AWS4-HMAC-SHA256-PAYLOAD (aka chunked requests) are explicitly out of scope for this PR. It's a significant more amount of work, and requires making the proxy in general streamable, rather than capturing the entire body
When
aws_authis present, if there is a connection to the upstream route, strip any existing aws auth headers and apply the correct sigv4 headers from the aws profile outside the sandbox.From within the sandbox, AWS SDK's already respect HTTP_PROXY, so this is as simple as wiring up a fake AWS_ACCESS_KEY (and secret), so the sandbox makes a request..
Note that
STREAMING-AWS4-HMAC-SHA256-PAYLOAD(aka chunked requests) are explicitly out of scope for this PR. It's a significant more amount of work, and requires making the proxy in general streamable, rather than capturing the entire body