DVA-C02 · Question #137
A developer is developing an application that uses signed requests (Signature Version 4) to call other AWS services. The developer has created a canonical request, has created the string to sign, and
The correct answer is A. Add the signature to an HTTP header that is named Authorization. D. Add the signature to a query string parameter that is named X-Amz-Signature.. AWS Signature Version 4 allows the completed signature to be transmitted either in the HTTP Authorization header or as a query string parameter named X-Amz-Signature.
Question
A developer is developing an application that uses signed requests (Signature Version 4) to call other AWS services. The developer has created a canonical request, has created the string to sign, and has calculated signing information. Which methods could the developer use to complete a signed request? (Choose two.)
Options
- AAdd the signature to an HTTP header that is named Authorization.
- BAdd the signature to a session cookie.
- CAdd the signature to an HTTP header that is named Authentication.
- DAdd the signature to a query string parameter that is named X-Amz-Signature.
- EAdd the signature to an HTTP header that is named WWW-Authenticate.
How the community answered
(53 responses)- A89% (47)
- B2% (1)
- C6% (3)
- E4% (2)
Why each option
AWS Signature Version 4 allows the completed signature to be transmitted either in the HTTP Authorization header or as a query string parameter named X-Amz-Signature.
The Authorization HTTP header is the standard method for passing a Signature Version 4 signature; it contains the credential scope, signed headers list, and the computed signature in a structured format recognized by AWS services.
Session cookies are not a supported transport mechanism for AWS Signature Version 4; AWS APIs do not parse authentication information from cookies.
The correct header name is Authorization, not Authentication; AWS services will not recognize a signature placed in a non-standard Authentication header.
Pre-signed URLs use query string authentication where X-Amz-Signature is a designated query parameter that carries the signature, enabling shareable URLs without requiring the caller to have AWS credentials.
WWW-Authenticate is a response header used by servers to challenge clients for credentials in HTTP authentication schemes; it is not a valid request header for transmitting an AWS signature.
Concept tested: AWS Signature Version 4 transmission methods
Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html
Community Discussion
No community discussion yet for this question.