Cara menggunakan header python

Contoh program Python ini menunjukkan cara menggunakan Signature Versi 4 untuk menambahkan informasi otentikasi ke permintaan Amazon Translate. Contoh membuat permintaan POST, membuat struktur JSON yang berisi teks yang akan diterjemahkan dalam isi (payload) permintaan, dan meneruskan informasi otentikasi di header Otorisasi. Untuk informasi selengkapnya tentang penggunaan Signature Version 4, lihatProses Penandatanganan Signature Version 4di dalamReferensi Umum Amazon Web Services.

Pengaturan

Untuk menjalankan contoh, lakukan langkah-langkah berikut:

1. Instal AWS Command Line Interface (AWS CLI). ParameterAWS SDK for Python (Boto)disertakan saat Anda menginstalAWS CLI. Untuk petunjuk, lihat Langkah 2: MenyiapkanAWS Command Line Interface(AWS CLI).

2. BuatAWS Identity and Access Management(IAM) pengguna dengan kebijakan izin minimum yang diperlukan untuk menjalankan contoh ini. Untuk informasi tentang membuat pengguna IAM, lihatMembuat Pengguna IAM di Akun AWS Andadi dalamAWS Identity and Access ManagementPanduan Pengguna. Untuk kebijakan izin yang diperlukan, lihatKebijakan berbasis identitas Amazon Translate. Rekam ID kunci akses pengguna dan kunci akses rahasia.

3. Tempatkan ID kunci akses dan kunci akses rahasia dalam variabel lingkungan bernamaAWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY, masing-masing. Sebagai praktik terbaik, kami merekomendasikan bahwa Anda tidak menyematkan kredensi dalam kode.

4. Buat file baru di komputer Anda, salin kode untuk contoh (yang dapat Anda temukan di bagian berikutnya), tempelkan ke file, dan simpan file dengan ekstensi.py.

5. Dalam kode, gantiregiondengan nama Wilayah AWS tempat Anda ingin menjalankan Amazon TranslateTranslateTextOperasi. Untuk daftar Area yang didukung, lihatWilayah AWS dan Titik Akhirdi dalamAWSReferensi Umum.

Code

Berikut ini adalah kode lengkap dari program contoh Python.

Setelah membuat nilai permintaan seperti URL endpoint dan isi permintaan, kode melakukan hal berikut:

1. Membuat permintaan kanonik ke Amazon TranslateTranslateTextOperasi.

2. Membuat string yang Anda hash untuk membuat tanda tangan.

3. Hitung tanda tangannya.

4. Tambahkan tanda tangan ke header permintaan.

5. Kirim permintaan keTranslateTextOperasi.

Untuk menjalankan contoh di komputer Anda, salin kode ke file Python.

# AWS Version 4 signing example

# Translate API (TranslateText)

# For more information about using Signature Version 4, see http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html.
# This example makes a POST request to Amazon Translate and 
# passes the text to translate JSON in the body (payload) 
# of the request. Authentication information is passed in an 
# Authorization header.
import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests

# ************* REQUEST VALUES *************
method = 'POST'
service = 'translate'
region = 'region'
host = service + '.' + region + '.amazonaws.com'
endpoint = 'https://' + host + '/'

# POST requests use a content type header. For Amazon Translate,
# the content is JSON.
content_type = 'application/x-amz-json-1.1'
# Amazon Translate requires an x-amz-target header that has this format:
#     AWSShineFrontendService_20170701.<operationName>.
amz_target = 'AWSShineFrontendService_20170701.TranslateText'

# Pass request parameters for the TranslateText operation in a JSON block.
request_parameters =  '{'
request_parameters +=  '"Text": "Hello world.",'
request_parameters +=  '"SourceLanguageCode": "en",'
request_parameters +=  '"TargetLanguageCode": "de"'
request_parameters +=  '}'

# The following functions derive keys for the request. For more information, see
# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python.
def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def getSignatureKey(key, date_stamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning

# Python can read the AWS access key from environment variables or the configuration file. 
# In this example, keys are stored in environment variables. As a best practice, do not 
# embed credentials in code.
access_key = os.environ.get('AWS_ACCESS_KEY_ID')
secret_key = os.environ.get('AWS_SECRET_ACCESS_KEY')
if access_key is None or secret_key is None:
    print 'No access key is available.'
    sys.exit()

# Create a timestamp for headers and the credential string.
t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ')
date_stamp = t.strftime('%Y%m%d') # The date without time is used in the credential scope.


# ************* TASK 1: CREATE A CANONICAL REQUEST *************
# For information about creating a canonical request, see http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html.

# Step 1: Define the verb (GET, POST, etc.), which you have already done.

# Step 2: Create a canonical URI. A canonical URI is the part of the URI from domain to query. 
# string (use '/' if no path)
canonical_uri = '/'

## Step 3: Create the canonical query string. In this example, request
# parameters are passed in the body of the request and the query string
# is blank.
canonical_querystring = ''

# Step 4: Create the canonical headers. Header names must be trimmed,
# lowercase, and sorted in code point order from low to high.
# Note the trailing \n.
canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-amz-date:' + amz_date + '\n' + 'x-amz-target:' + amz_target + '\n'

# Step 5: Create the list of signed headers by listing the headers
# in the canonical_headers list, delimited with ";" and in alphabetical order.
# Note: The request can include any headers. Canonical_headers and
# signed_headers should contain headers to include in the hash of the
# request. "Host" and "x-amz-date" headers are always required.
# For Amazon Translate, content-type and x-amz-target are also required.
signed_headers = 'content-type;host;x-amz-date;x-amz-target'

# Step 6: Create the payload hash. In this example, the request_parameters
# variable contains the JSON request parameters.
payload_hash = hashlib.sha256(request_parameters).hexdigest()

# Step 7: Combine the elements to create a canonical request.
canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash


# ************* TASK 2: CREATE THE STRING TO SIGN*************
# Set the algorithm variable to match the hashing algorithm that you use, either SHA-256 (recommended) or SHA-1. 
# 
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' +  amz_date + '\n' +  credential_scope + '\n' +  hashlib.sha256(canonical_request).hexdigest()


# ************* TASK 3: CALCULATE THE SIGNATURE *************
# Create the signing key using the getSignaturKey function defined above.
signing_key = getSignatureKey(secret_key, date_stamp, region, service)

# Sign the string_to_sign using the signing_key.
signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()


# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************
# Put the signature information in a header named Authorization.
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' +  'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature

# For Amazon Translate, the request can include any headers, but it must include "host," "x-amz-date,"
# "x-amz-target," "content-type," and "Authorization" headers. Except for the authorization
# header, the headers must be included in the canonical_headers and signed_headers values, as
# noted earlier. Header order is not significant.
# Note: The Python 'requests' library automatically adds the 'host' header.
headers = {'Content-Type':content_type,
           'X-Amz-Date':amz_date,
           'X-Amz-Target':amz_target,
           'Authorization':authorization_header}


# ************* TASK 5: SEND THE REQUEST *************
print 'Request:\n\t' + request_parameters

response = requests.post(endpoint, data=request_parameters, headers=headers)
print 'Response:\n\t' + response.text