I want to confirm my secret_key is right.
So I am using ‘aws’ provider to make JWT token.
This JWT token will be sent to golang based server.
I checked
terraform-provider-aws/internal/service/iam/access_key.go
And there, as I think,
func hmacSignature(key []byte, value []byte) ([]byte, error) {
h := hmac.New(sha256.New, key)
if _, err := h.Write(value); err != nil {
return []byte(""), err
}
return h.Sum(nil), nil
}
func SessmTPPasswordFromSecretKeySigV4(key *string, region string) (string, error) {
if key == nil {
return "", nil
}
const version = byte(0x04)
date := []byte("11111111")
service := []byte("ses")
terminal := []byte("aws4_request")
message := []byte("SendRawEmail")
rawSig, err := hmacSignature([]byte("AWS4"+*key), date)
if err != nil {
return "", err
}
if rawSig, err = hmacSignature(rawSig, []byte(region)); err != nil {
return "", err
}
if rawSig, err = hmacSignature(rawSig, service); err != nil {
return "", err
}
if rawSig, err = hmacSignature(rawSig, terminal); err != nil {
return "", err
}
if rawSig, err = hmacSignature(rawSig, message); err != nil {
return "", err
}
versionedSig := make([]byte, 0, len(rawSig)+1)
versionedSig = append(versionedSig, version)
versionedSig = append(versionedSig, rawSig...)
return base64.StdEncoding.EncodeToString(versionedSig), nil
}
There functions will be used to make AWS4-HMAC-SHA256 signature of that.
And my question is.
- Is this code write that terraform ‘aws’ provider make
AWS4-HMAC-SHA256signature? - In here,
date,service,terminal,messageare hard-coded… Are they used as it is??
Thank you!!