Signature Version 4 (SigV4) is the process to add authentication information to AWS API requests sent by HTTP. **How Signature Version 4 works** 1. Create a canonical request. 2. Use the canonical request and additional metadata to create a string for signing. 3. Derive a signing key from your AWS secret access key. Then use the signing key, and the string from the previous step, to create a signature. 4. Add the resulting signature to the HTTP request in a header or as a query string parameter. When an AWS service receives the request, it performs the same steps that you did to calculate the signature you sent in your request. AWS then compares its calculated signature to the one you sent with the request. If the signatures match, the request is processed. If the signatures don't match, the request is denied. --- ## References - https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html --- tags: [[AWS IAM|IAM]]