NGINX Reverse Proxy configuration with AWS Signature

Question

I am using nginx as a reverse proxy for my gateway. It is working with normal apis. However, its not working with AWS Signature. Says signature mismatch. I added proxy host , still it doesnt work. Pls help. Verified nginx logs, all headers are being passed. Issue with calculating the signature. Tried via postman and a working code using AWSSign sdk

location / {                                
                proxy_pass_request_headers on;
                proxy_pass_request_body on;                     
                proxy_pass_header x-api-key;
                proxy_pass_header Authorization;
                proxy_pass_header x-amz-content-sha256;
                proxy_pass_header x-amz-date;
                #proxy_pass_header Host;
                proxy_set_header Host $proxy_host;
                proxy_pass https://<gatewayid>.execute-api.<region-name>.amazonaws.com/<stage>/;
                proxy_http_version  1.1;                        
            }

Observing the logs of nginx, I could see the signature value and sha256 value are totally different from what I see in the postman.

Answer 1

Just a small change. It was expecting the path starting from stage till end of api path. So I removed stage name from proxy_pass and added it in the actual url, so the signature was calculated correctly. Override the host explicitly in postman with (gatewayid).execute-api.(region-name).amazonaws.com

location / {                                
                proxy_pass_request_headers on;
                proxy_pass_request_body on;                                     
                proxy_set_header Host $proxy_host;
                proxy_pass https://(gatewayid).execute-api.(region-name).amazonaws.com/;
                proxy_http_version  1.1;                        
            }