Automation 360

AWS Signature authentication

Download as PDF

AWS Signature authentication

Download as PDF

Updated: 2026/01/08

Connector Builder supports AWS Signature Version 4 (SigV4) authentication. This feature enables users to create packages using AWS that integrate with various AWS services such as EC2, S3, and Lambda.

Overview

Connector Builder provides the option to select AWS Signature as the authentication type. The AWS Signature Version 4 (SigV4) authenticates to AWS services using access keys, timestamp, and hash-based signatures without exposing sensitive credentials. Since AWS Signature V4 is the default signing protocol, this authentication method enables you to securely connect to all AWS services and third-party applications that use AWS Signature V4.

When using the package action, the user must enter AWS IAM access keys for authentication. The Control Room signs the API requests using cryptographic signatures.

Settings

To use AWS Signature as the authentication type, enable the Authenticated toggle and select AWS Signature from the Authentication type drop-down. You can configure the following settings for this authentication:

AWS Access Key ID: Enter your AWS Access Key ID. Go to Security credentials > Access keys in the IAM console to view the access key ID.
AWS Secret Access Key: Enter your AWS Secret Access Key. Ensure that you have noted your secret access key when you generated the access key ID as it is not visible later. You can generate a new access key if required.
AWS Region: Enter the region code in which your target service is hosted. Ensure that you enter the region code in the same format as it appears on the AWS Global View console.
Service name: Enter the AWS service identifier key for the target service. Ensure that you enter the service name in lowercase to align with the AWS naming conventions. For example, enter ec2 for EC2 service; For AWS service endpoints, see AWS service-specific endpoints. For third-party applications that use AWS Signature V4, refer to their documentation for the correct service name.
Location: This option sets the location of the signature settings in the actions within the package. The location is always set as header.

When the configured Authenticate action makes the required API call, the Connector Builder automatically includes the authorization, x-amz-date, and x-amz-content-sha256 headers to the call.

When you test the connector using the Test option, the outgoing API call is signed with AWS Signature V4.