Signing Amazon SDB requests

Justin Cormack justin at specialbusservice.com
Thu Apr 28 13:23:42 MSD 2011


On Wed, 2011-04-27 at 18:28 -0400, AndrewH wrote:
> I am looking for some advice on the recommended way of achieving the
> following.
> 
> I need to sign Amazon Simple Database (SDB) queries with our Amazon Web
> Services credentials before forwarding them to Amazon's upstream SDB
> servers.
> 
> The proxying behaviour will be taken care of by the proxy module but I'm
> not sure how to implement the actual signing.
> 
> On first glance, it sounds similar to the module that performs this for
> Amazon S3 requests.  Unfortunately this doesn't work for SDB requests as
> the parameters in an SDB request are encoded in the arguments of the URI
> (...site.com/?SDBArg1=val1&SDBArg2=val2)  whereas S3 parameters are
> passed as separate HTTP headers.  
> 
> I have looked at the rewrite module but the URI can only be manipulated
> using regular expressions and the processing I need to do is more
> complex than what the rewrite module can achieve, i.e.:
> 
> 1 Parse and decode the URI args to an SDB args list
> 2 Add several args to the SDB args list
> 3 Sort SDB args list
> 4 Generate a SHA message digest of the SDB args list using a user
> supplied variable as a key - the Base64 encoding of this is the
> signature.
> 5 Append the signature to the SDB args list
> 6 Regenerate the URI args
> 7 Forward it to the upstream

I recommend using the Lua nginx module to do this. Even doing the S3
stuff is painful without it (I think I needed it for one thing anyway).

Lua is pretty easy, I think the hard thing is deciding which libraries
to use (when I did the S3 I alas picked a buggy one). I recently started
using the LuaJIT FFI interface and as a C programmer find it easier.

Will give it a go if I get time...

Justin
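
Added example, not part of the original thread and not code from either poster: the seven steps from the question written as a script for the Lua nginx module, run in the rewrite phase of the proxied location. It assumes AWS Signature Version 2 with HmacSHA1 (the thread does not name the scheme), GET requests only, and three hypothetical nginx variables, $aws_access_key, $aws_secret_key and $sdb_host, set in the configuration.

```lua
-- sign_sdb.lua: added example, loaded with rewrite_by_lua_file in the proxied location.
-- Assumed (hypothetical) nginx variables: $aws_access_key, $aws_secret_key, $sdb_host.
local function rfc3986(s)
    -- Signature Version 2 leaves only A-Z a-z 0-9 - _ . ~ unescaped.
    return (tostring(s):gsub("[^%w%-_%.~]", function(c)
        return string.format("%%%02X", string.byte(c))
    end))
end

-- Step 1: parse and decode the query string.
local args = ngx.req.get_uri_args()

-- Step 2: discard signing fields sent by the client, then set our own.
args.Signature = nil
args.Expires = nil
args.AWSAccessKeyId = ngx.var.aws_access_key
args.SignatureVersion = "2"
args.SignatureMethod = "HmacSHA1"
args.Timestamp = os.date("!%Y-%m-%dT%H:%M:%SZ")

-- Flatten to name/value pairs: a repeated arg arrives as a table, a bare one as true.
local pairs_list = {}
for name, value in pairs(args) do
    local values = type(value) == "table" and value or { value }
    for _, v in ipairs(values) do
        pairs_list[#pairs_list + 1] = { name, v == true and "" or v }
    end
end

-- Step 3: sort by name, then value (byte order, assuming nginx runs in the C locale).
table.sort(pairs_list, function(a, b)
    if a[1] ~= b[1] then return a[1] < b[1] end
    return a[2] < b[2]
end)
local encoded = {}
for i, p in ipairs(pairs_list) do
    encoded[i] = rfc3986(p[1]) .. "=" .. rfc3986(p[2])
end
local canonical = table.concat(encoded, "&")

-- Step 4: HMAC over method, host, path and canonical query; its Base64 is the signature.
local string_to_sign = table.concat({
    ngx.req.get_method(), string.lower(ngx.var.sdb_host), ngx.var.uri, canonical
}, "\n")
local signature = ngx.encode_base64(ngx.hmac_sha1(ngx.var.aws_secret_key, string_to_sign))

-- Steps 5-6: append the signature and replace the request's query string.
ngx.req.set_uri_args(canonical .. "&Signature=" .. rfc3986(signature))
-- Step 7 is the location's proxy_pass, which must send Host: $sdb_host upstream.
```

ngx.hmac_sha1 needs nginx built with OpenSSL. Every request that reaches this location is signed with the configured credentials, so access to the location has to be limited to the clients meant to use them.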