The last weeks I worked on integrating Amazon S3 for a client. Normally using any web services is not much work as our CURL functions in the plugin handle the transfer thing with authentication and encryption. But for Amazon's web services, some extra work is needed.
So for next plugins, I implemented AWS4-HMAC-SHA256 signatures. They are required to authenticate and talk to the web services. To setup this, you pass our plugin the required informations: AWSAccessKeyId, AWSSecretAccessKey, Region, Service, Path, Domain, Verb, HashedPayload, Headers. The key and secret are available from Amazon on their website. The region defines where your server is, for me eu-central-1 with server in Frankfurt, Germany. The service in my case is s3. The path defines the path to the file, e.g. "/test.jpg". The domain can be calculated by plugin or overwritten by you. Usually it is something like s3.eu-central-1.amazonaws.com with various region names included. Verb defines which HTTP operation to do: get, put, delete or post.
The payload sent needs to be included in the signature. So if you provide the data to upload/send before our call to setup with our input functions, the plugin can hash it and include the hash. Or you provide a hash, a lowercase hex encoded SHA256. Especially when uploading a file which does not fit in memory, it may be an option to hash it yourself.
Next you can include various headers. The headers are included in the signature and passed to CURL for the transfer. Our plugin functions add extra headers for amazon and pass the URL to CURL with a few options. You can than add more options like SSL certificates and start the transfer.
The examples will show how to upload/download an image file to Amazon S3 in your bucket.
Coming soon with next plugin update.
PS: if you have older code for Amazon, you may need to update it to use AWS4-HMAC-SHA256, too. Newer regions only support the newer scheme and not the older signature system.