Use the {{{aws4}}} helper to generate an AWS Signature Version 4 for authenticating API requests to Amazon Web Services. Provide your AWS credentials and service details, and this helper returns the authorization signature string you can include in an HTTP header.
{{{aws4 accessKey secretKey sessionToken region serviceName}}}
- accessKey: AWS access key (e.g., "AKIA...").
- secretKey: AWS secret key.
- sessionToken: Optional; use null or "" if no session token is needed.
- region: For example, "us-east-1" or "" to rely on a default derived from the request URL.
- serviceName: For example, "execute-api" or "" to infer from the request URL.
- Basic usage with explicit credentials
  {{{aws4 "AKIAxxxxxxxx" "xxxxxxxxxxxxxx" null "us-east-1" "execute-api"}}}
  Generates a signature for an AWS API in the us-east-1 region targeting the execute-api service.
- Referencing encrypted fields from the Celigo connection
  {{{aws4 connection.http.encrypted.accessKey connection.http.encrypted.secretKey null "us-west-2" "s3"}}}
  Ideal when credentials are stored securely in the connection object; this example signs requests for S3 in the us-west-2 region.
- Using session token
  {{{aws4 connection.http.encrypted.accessKey connection.http.encrypted.secretKey connection.http.encrypted.sessionToken "us-east-1" "execute-api"}}}
  If your AWS environment requires temporary credentials, pass the session token accordingly.
Tip
- Always specify region and serviceName for accurate signatures; relying on an inferred default can produce mismatches with AWS.
- Include the generated signature in your HTTP Authorization header, and remember to provide an X-Amz-Date header if required by your AWS service.
- Store AWS credentials in [connection.http.encrypted] fields to avoid exposing secret values in plain text.
- Provide an X-Amz-Date header with the correct format if your AWS service requires it. For example:
  "X-Amz-Date": "{{{timestamp "YYYYMMDDTHHmmss" "Etc/GMT-0"}}}Z"
  This ensures AWS recognizes the request date/time and can validate the signature.
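
To see why region and serviceName must match what AWS expects, the following added example (not Celigo's implementation of the helper) follows the published Signature Version 4 algorithm in Python. The set of signed headers (host, x-amz-date and, with temporary credentials, x-amz-security-token) is an assumption, as are the function names, credentials and host, all of which are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def amz_date(now: datetime) -> str:
    """UTC timestamp in the X-Amz-Date format: YYYYMMDDTHHmmss followed by Z."""
    return now.astimezone(timezone.utc).strftime("%Y%m%dT%H%M%SZ")

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign(access_key, secret_key, session_token, region, service,
         method, host, path, query, date, payload=b""):
    """Return (Authorization value, signed headers); path/query already canonical."""
    headers = {"host": host, "x-amz-date": date}
    if session_token:  # temporary credentials: the token is signed as a header
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    canonical_request = "\n".join([
        method, path, query,
        "".join(f"{n}:{headers[n]}\n" for n in names),
        ";".join(names),
        hashlib.sha256(payload).hexdigest(),
    ])
    # Region and service appear in the credential scope and in the key chain.
    scope = f"{date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = ("AWS4" + secret_key).encode()
    for part in (date[:8], region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={';'.join(names)}, Signature={signature}"), headers

# Constructed sample values, not real credentials or a real endpoint.
WHEN = amz_date(datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc))
ARGS = ("AKIAEXAMPLEKEYID", "constructed-secret", None)
REQ = ("GET", "abc123.execute-api.us-east-1.amazonaws.com", "/prod/items", "", WHEN)
good, _ = sign(*ARGS, "us-east-1", "execute-api", *REQ)
wrong_region, _ = sign(*ARGS, "us-west-2", "execute-api", *REQ)
print(good)
print(good.rsplit("=", 1)[1] != wrong_region.rsplit("=", 1)[1])
```

The same request signed for a different region or service yields a different signature, and the timestamp sent in X-Amz-Date must be the exact value that was signed.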