AWS4 Authentication for Requests
raw JSON → 1.3.1 verified Tue May 12 auth: no python install: verified quickstart: verified
requests-aws4auth is a Python library providing AWS Signature Version 4 authentication for the popular Requests HTTP library. It enables secure interaction with AWS APIs by signing HTTP requests according to the SigV4 protocol. The library is actively maintained with a history of regular releases and improvements.
pip install requests-aws4auth Warnings
breaking Python 2.7 support was officially dropped in v1.1.0, and support for Python versions below 3.7 was explicitly removed in v1.3.0. Users on older Python versions will need to upgrade. ↓
fix Upgrade Python to >=3.7 and then upgrade requests-aws4auth to the latest version.
breaking The `six` compatibility library was removed in v1.3.0, signifying a full transition to Python 3 syntax. Code relying on `six` within or alongside `requests-aws4auth` may break. ↓
fix Update your code to use native Python 3 constructs or ensure `six` is not inadvertently relied upon by other dependencies in a way that conflicts with `requests-aws4auth`.
gotcha A regression error was present in versions 1.2.0 and 1.2.1 related to header port numbers, requiring a revert in v1.2.2. These versions should be avoided if port handling is critical. ↓
fix Upgrade to v1.2.2 or later.
gotcha Version 0.8 introduced automatic request date checking and key regeneration. This significantly changed behavior regarding multithreading and secret key storage, as an `AWS4Auth` instance might modify its internal signing key during a request if date headers mismatch. ↓
fix Review the 'Date handling', 'Automatic key regeneration', 'Secret key storage', and 'Multithreading' sections in the library's documentation to understand the implications for long-running or multi-threaded applications.
gotcha There are two popular, similarly named libraries: `requests-aws4auth` (this library, `tedder/requests-aws4auth`) and `aws-requests-auth` (`DavidMuller/aws-requests-auth`). Ensure you are importing from `requests_aws4auth` if you intend to use this specific package. ↓
fix Double-check your `pip install` command and `import` statements to confirm you are using the intended library.
breaking The library requires valid AWS credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to be provided, typically via environment variables or directly in the `AWS4Auth` constructor, to successfully authenticate requests. Without them, requests will fail with authentication errors (e.g., 403 InvalidAccessKeyId). ↓
fix Ensure AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set with valid AWS credentials before running the application, or pass credentials directly to the `AWS4Auth` constructor.
gotcha Authentication failures (e.g., HTTP 403 InvalidAccessKeyId) commonly occur if AWS credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) are not correctly set in environment variables or passed to the `AWS4Auth` constructor, or if the provided credentials lack the necessary permissions for the requested action/resource. ↓
fix Ensure `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables are correctly set, or explicitly pass valid credentials to the `AWS4Auth` constructor. Verify that the IAM user/role associated with the credentials has sufficient permissions for the AWS service and resource being accessed.
Install compatibility verified last tested: 2026-05-12
python os / libc status wheel install import disk
3.10 alpine (musl) wheel - 0.57s 21.3M
3.10 alpine (musl) - - 0.61s 21.3M
3.10 slim (glibc) wheel 2.1s 0.43s 22M
3.10 slim (glibc) - - 0.44s 22M
3.11 alpine (musl) wheel - 0.72s 23.3M
3.11 alpine (musl) - - 0.81s 23.3M
3.11 slim (glibc) wheel 2.1s 0.61s 24M
3.11 slim (glibc) - - 0.61s 24M
3.12 alpine (musl) wheel - 0.71s 15.1M
3.12 alpine (musl) - - 0.73s 15.1M
3.12 slim (glibc) wheel 1.9s 0.65s 16M
3.12 slim (glibc) - - 0.67s 16M
3.13 alpine (musl) wheel - 0.64s 14.9M
3.13 alpine (musl) - - 0.71s 14.8M
3.13 slim (glibc) wheel 2.0s 0.63s 15M
3.13 slim (glibc) - - 0.68s 15M
3.9 alpine (musl) wheel - 0.51s 20.5M
3.9 alpine (musl) - - 0.54s 20.6M
3.9 slim (glibc) wheel 2.5s 0.52s 21M
3.9 slim (glibc) - - 0.46s 21M
Imports
- AWS4Auth
from requests_aws4auth import AWS4Auth
Quickstart verified last tested: 2026-04-24
import os
import requests
from requests_aws4auth import AWS4Auth
# It's highly recommended to use environment variables for sensitive AWS credentials
aws_access_key_id = os.environ.get('AWS_ACCESS_KEY_ID', 'YOUR_ACCESS_KEY_ID')
aws_secret_access_key = os.environ.get('AWS_SECRET_ACCESS_KEY', 'YOUR_SECRET_ACCESS_KEY')
aws_session_token = os.environ.get('AWS_SESSION_TOKEN', '') # Optional for temporary STS credentials
# Replace with your target AWS service region and canonical service name
aws_region = os.environ.get('AWS_REGION', 'us-east-1')
aws_service = os.environ.get('AWS_SERVICE', 's3') # e.g., 's3', 'es', 'execute-api'
if aws_access_key_id == 'YOUR_ACCESS_KEY_ID' or aws_secret_access_key == 'YOUR_SECRET_ACCESS_KEY':
print("WARNING: AWS credentials are not set in environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY). "
"Using placeholder values, which will likely fail authentication.")
# Construct the authentication object
auth = AWS4Auth(
aws_access_key_id,
aws_secret_access_key,
aws_region,
aws_service,
session_token=aws_session_token if aws_session_token else None
)
# Example endpoint for S3 (adjust to your specific AWS endpoint)
endpoint = f"https://s3.{aws_region}.amazonaws.com/"
print(f"Attempting to connect to: {endpoint} with service: {aws_service}")
try:
response = requests.get(endpoint, auth=auth)
response.raise_for_status() # Raise an exception for HTTP errors (4xx or 5xx)
print(f"Successfully authenticated and received status code: {response.status_code}")
# print(response.text) # Uncomment to see the response body
except requests.exceptions.HTTPError as e:
print(f"HTTP Error: {e.response.status_code} - {e.response.text}")
except requests.exceptions.RequestException as e:
print(f"Request failed: {e}")