You can create a string to sign which contains the information of your request and the hash of the canonical request you created in Creating a Canonical Request.

You need to use this string to sign and a signing key you create later on to calculate the signature in Calculating a Signature.

To create the string to sign, you need to concatenate the following elements:

  • The signing algorithm
  • The date and time
  • The credential information
  • The hash of the canonical request

You do not need to do this procedure if you use AWS CLI or an SDK for your API request.

Before you begin: Complete the Creating a Canonical Request procedure.


  1. Specify the signing algorithm following this syntax (where \n is a newline character):

    Example of algorithm
    AWS4-HMAC-SHA256\n

    The signing algorithm corresponds to the function you used to calculate the hash of the canonical request. For example, if you used the SHA-256 function, the algorithm is AWS4-HMAC-SHA256.

  2. Add the date of the request following this syntax (where \n is a newline character):

    Example of request date
    20180915T163400Z\n

    This date must match the one you specified in Creating a Canonical Request and follow this format: YYYYMMDD'T'HHMMSS'Z'.

  3. Add the credential information following this syntax (where \n is a newline character):

    Example of credential information
    20180915/eu-west-2/ec2/aws4_request\n

    This string must include the following elements, separated by slash characters (/):

    • the date, in the following format: YYYYMMDD
    • the Region to which you send the request
    • the service you are requesting
    • a termination string
  4. Add the hash of the canonical request you created in Creating a Canonical Request.

    Example of hash of a canonical request
    0547bdda2966fc9a3a76269a3193bed373a56072cfa77949936bc2a556016f32

    The hashed canonical request must be lowercase base-16 encoded. For more information, see the section 8 of the RFC 4648.

    The string to sign is created.

    Example of string to sign
    AWS4-HMAC-SHA256
    20180915T163400Z
    20180915/eu-west-2/ec2/aws4_request
    0547bdda2966fc9a3a76269a3193bed373a56072cfa77949936bc2a556016f32
    

    You must use the string to sign to create the signature in Calculating a Signature.



AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.