Small Bash script, calling curl with the --aws-sigv4 option to AWS V4 sign a given request for use with an IAM authorized API Gateway endpoint.
./aws-api-gateway-iam.sh \
--request GET \
"https://api-gateway.mydomain.com/this/route/aws-iam-authz"| #!/bin/bash -e | |
| function exitError { | |
| echo "Error: $1" >&2 | |
| exit 1 | |
| } | |
| function main { | |
| if [[ -z $AWS_REGION ]]; then | |
| exitError "missing \$AWS_REGION" | |
| fi | |
| if [[ -z $AWS_ACCESS_KEY_ID ]]; then | |
| exitError "missing \$AWS_ACCESS_KEY_ID" | |
| fi | |
| if [[ -z $AWS_SECRET_ACCESS_KEY ]]; then | |
| exitError "missing \$AWS_SECRET_ACCESS_KEY" | |
| fi | |
| local awsSessionTokenHeader= | |
| if [[ -n $AWS_SESSION_TOKEN ]]; then | |
| awsSessionTokenHeader="--header x-amz-security-token:$AWS_SESSION_TOKEN" | |
| fi | |
| curl \ | |
| --aws-sigv4 "aws:amz:$AWS_REGION:execute-api" \ | |
| --user "$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" \ | |
| $awsSessionTokenHeader \ | |
| "$@" | |
| } | |
| main "$@" |