Overview
NOTE:
AWS Webhook Integration is available on specific pricing plans.
Contact us
if you are interested in learning more about this feature.
Overview
AWS offers over 100 cloud services, with the most prominent examples being data stores (S3, DynamoDB), serverless engines (Lambda), queuing systems (SQS) and many more. Most AWS services use AWS Signature Version 4 to authenticate requests to their APIs. Computing the signature requires a prepared canonical request (a request without theAuthorization header) and AWS credentials. They are all used as the input for the AWS Signature Version 4 algorithm. Its output is a value that should be used as the Authorization header.
The headers and body values of a webhook are likely changing between individual requests. This means the canonical request will differ and previously computed Authorization headers will be invalid. The proxy that the AWS Webhook Integration is using will re-compute the signature for every request.
If you have AWS Webhook Integration enabled you can use its proxy within a webhook so all requests will be automatically signed. You can either start from a webhook template or follow these steps to configure it manually:
- Create a webhook performing a canonical AWS request to the service you use. All standard features available for webhooks are available.
- Replace
amazonaws.comwithawsproxy.contentful.comin the webhook URL. - Set a
X-Contentful-AWS-Proxy-Key-Idheader with your AWS Access Key ID. - Set a
X-Contentful-AWS-Proxy-Secretheader with your AWS Secret Access Key.
Important: Make sure it’s marked as secret.
- Optional: you can set a
X-Contentful-AWS-Proxy-Content-Typeheader to a customContent-Typevalue if a service being called requires it (for exampleapplication/x-amz-json-1.0).
NOTE: The proxy is an internal system and cannot be accessed from the public Internet. Only our webhook system can use this proxy.