Login using the aws authentication method with curl

Hello,

I am able to get a vault token by using my user credentials and the vault CLI.

AWS_PROFILE=5297-vmware@ouchmasters vault login --address http://127.0.0.1:8200 -method=aws role=aws-auth-role--iam-user

That being said, I would like to do exactly the same operation using curl.

Is there a way to generate and print the signature using a python script?

I found this link from AWS which is a generic answer, but I am only interested in interfacing through vault.
https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html#sig-v4-examples-post

Also the documentation is not 100% clear (well an example is missing on how to populate the other headers.

If you landed on this post because you have the same question, I also recommend you watch

which I found very helpful to understand the AWS auth.

Hi @emayssat,

Glad you found my HashiConf talk useful!

I’ve collected Python and Ruby scripts that print out the parameters you would pass to Vault to authenticate via the AWS IAM auth method at https://gist.github.com/joelthompson/378cbe449d541debf771f5a6a171c5ed (note that you’ll need to adjust some of the parameters to your needs). Once you have the output from that script, you would send a POST request to the auth/aws/login with the JSON output as the request body. There’s an example of how to do make such a request via curl in the Vault docs; again, you’ll need to replace the actual login data with the login data output from the python script.

Hope this helps!