def sign_headers(*, url: str, payload: Dict):
'''Sign AWS API request headers'''
segments = urllib.parse.urlparse(url).netloc.split('.')
service = segments[0]
region = segments[1]
request = awsrequest.AWSRequest(
method='POST',
url=url,
data=json.dumps(payload),
)
auth.SigV4Auth(AWS_CREDENTIALS, service, region).add_auth(request)
return dict(request.headers.items())
def _get_v4_signed_headers(self):
"""Returns V4 signed get-caller-identity request headers"""
if self.aws_session is None:
boto_session = session.Session()
creds = boto_session.get_credentials()
else:
creds = self.aws_session.get_credentials()
if creds is None:
raise CerberusClientException("Unable to locate AWS credentials")
readonly_credentials = creds.get_frozen_credentials()
# hardcode get-caller-identity request
data = OrderedDict((('Action','GetCallerIdentity'), ('Version', '2011-06-15')))
url = 'https://sts.{}.amazonaws.com/'.format(self.region)
request_object = awsrequest.AWSRequest(method='POST', url=url, data=data)
signer = auth.SigV4Auth(readonly_credentials, 'sts', self.region)
signer.add_auth(request_object)
return request_object.headers