old

src/custom/util.ts

@@ -1,7 +1,7 @@
 import axios from "axios";
 import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
 import AWS from "aws-sdk";
-import aws4 from "aws4";
+
 export const getAwsRegion = async () => {
 	const region = process.env.AWS_REGION; // Typically found in lambda runtime environment
 	if (region) {
@@ -51,29 +51,30 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re
 		});
 	});
 
-	console.log("creds", creds);
-
-	const signOpts = aws4.sign(
-		{
-			service: "sts",
-			path: `/?${body}`,
-			region,
-			host: `sts.${region}.amazonaws.com`
-		},
-		{
-			accessKeyId: creds.accessKeyId,
-			secretAccessKey: creds.secretAccessKey,
-			sessionToken: creds.sessionToken
-		}
-	);
-
-	const headers = {
-		...signOpts.headers
+	const iamRequestURL = `https://sts.${region}.amazonaws.com/`;
+	const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";
+	const iamRequestHeaders = {
+		"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
+		Host: `sts.${region}.amazonaws.com`
 	};
+
+	const request = new AWS.HttpRequest(new AWS.Endpoint(iamRequestURL), region);
+	request.method = "POST";
+	request.headers = iamRequestHeaders;
+
+	// @ts-expect-error -- .util is not typed
+	request.headers["X-Amz-Date"] = AWS.util.date.iso8601(new Date()).replace(/[:-]|\.\d{3}/g, "");
+	request.body = iamRequestBody;
+	request.headers["Content-Length"] = String(Buffer.byteLength(iamRequestBody));
+
+	// @ts-expect-error -- .Signers is not typed
+	const signer = new AWS.Signers.V4(request, "sts");
+	signer.addAuthorization(AWS.config.credentials, new Date());
+
 	return {
 		iamHttpRequestMethod: "POST",
-		iamRequestUrl: signOpts.host,
-		iamRequestBody: body,
-		iamRequestHeaders: headers
+		iamRequestUrl: Buffer.from(iamRequestURL).toString("base64"),
+		iamRequestBody: Buffer.from(iamRequestBody).toString("base64"),
+		iamRequestHeaders: Buffer.from(JSON.stringify(iamRequestHeaders)).toString("base64")
 	} as const;
 };