Cover by James Murty

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

O'Reilly logo

User Authentication

AWS requires API request messages to be digitally signed by the owner of an AWS account. The services use this signature to confirm the identity of the sender and to ensure that the request has not been altered in transit. Generating request signatures and attaching them to your requests is a vital part of the communications process when using AWS.

Each AWS user account has an associated set of credentials that you use to sign your REST or Query request messages. These credentials, known as AWS Access Key Identifiers, are composed of a pair of text values that include an Access Key ID and a Secret Access Key. The Access Key ID identifies the AWS account holder who is making a request, and the Secret Access Key is used to calculate a digital signature for the request. As its name implies, your secret key must be kept private to ensure no one else sends requests to AWS pretending to be you. If you are afraid that your secret access key has been compromised, you can generate a new secret key at any time and invalidate the old one.

Note

The SOAP interfaces use X.509 certificates to authenticate request messages instead of the Access and Secret keys. To use the SOAP interfaces, or tools based on this interface, you must obtain your public and private X.509 certificate files in addition to your AWS Access Key Identifiers.

To sign REST or Query API requests, you must generate a keyed Hash Message Authentication Code (HMAC) that authenticates the request. This means that ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required