ReqManagedAgents.AgentCore.SigV4 (ReqManagedAgents v0.1.0)

Copy Markdown View Source

SigV4 request signing for the bedrock-agentcore AWS service, reusing the :ex_aws_auth signer. The signer is service-parameterized, so the same call signs both the data plane (bedrock-agentcore.<region>) and the control plane (bedrock-agentcore-control.<region>) — pass service: "bedrock-agentcore".

Infra-agnostic: credentials come from the caller or ENV; nothing here knows about any particular endpoint behind the URL.

Summary

Functions

Resolve credentials from the standard AWS_* env vars (session-token aware).

Return the signed header list for method/url/body. Caller attaches these to the request. :credentials defaults to from_env/0; :service defaults to "bedrock-agentcore"; :headers are base headers folded into the canonical set.

Types

creds()

@type creds() :: %{
  access_key_id: String.t(),
  secret_access_key: String.t(),
  region: String.t(),
  security_token: String.t() | nil
}

Functions

from_env()

@spec from_env() :: creds()

Resolve credentials from the standard AWS_* env vars (session-token aware).

sign_request(method, url, body, opts \\ [])

@spec sign_request(atom(), String.t(), iodata(), keyword()) :: [
  {String.t(), String.t()}
]

Return the signed header list for method/url/body. Caller attaches these to the request. :credentials defaults to from_env/0; :service defaults to "bedrock-agentcore"; :headers are base headers folded into the canonical set.

Returns a list of {header_name, header_value} tuples. The authorization and x-amz-date headers are always present; x-amz-security-token is included when a security_token is set in the credentials.