Page updated Nov 8, 2023

Escape hatch

As an alternative to the Amplify client libraries, or in situations where the libraries do not provide the functionality you require, the underlying AWS services can be communicated with directly using an HTTP client and the AWS Signature V4 (SigV4) package.

Using the Signer

To get started using the signer, add it as a dependency in your pubspec.yaml like the following:

2 aws_common: ^0.4.0
3 aws_signature_v4: ^0.3.0

After that create an instance of the signer in your project.

1import 'package:aws_signature_v4/aws_signature_v4.dart';
3const signer = AWSSigV4Signer();

AWS credentials are configured in the signer by overriding the credentialsProvider parameter of the constructor. By default, the signer pulls credentials from your environment via the AWSCredentialsProvider.environment() provider. On mobile and web, this means using the Dart environment which is configured by passing the dart-define flag to your flutter commands, like the following:

1$ flutter run --dart-define=AWS_ACCESS_KEY_ID=... --dart-define=AWS_SECRET_ACCESS_KEY=...

On Desktop, credentials are retrieved from the system's environment using Platform.environment.

Signing a Request

The signer works by transforming HTTP requests using your credentials to create signed HTTP requests which can be sent off in the same way as normal HTTP requests.

As an example, here's how you would sign a request to Cognito to gather information about a User Pool.

1import 'dart:convert';
3import 'package:aws_common/aws_common.dart';
4import 'package:aws_signature_v4/aws_signature_v4.dart';
6// Create the signer instance with credentials from the environment.
7const AWSSigV4Signer signer = AWSSigV4Signer(
8 credentialsProvider: AWSCredentialsProvider.environment(),
11// Create the signing scope and HTTP request
12const region = '<YOUR-REGION>';
14Future<void> main() async {
15 final scope = AWSCredentialScope(
16 region: region,
17 service: AWSService.cognitoIdentityProvider,
18 );
20 final request = AWSHttpRequest(
21 method:,
22 uri: Uri.https('cognito-idp.$', '/'),
23 headers: const {
24 'AWSCognitoIdentityProviderService.DescribeUserPool',
25 AWSHeaders.contentType: 'application/x-amz-json-1.1',
26 },
27 body: json.encode({
28 'UserPoolId': '<YOUR-USER-POOL-ID>',
29 }).codeUnits,
30 );
32 // Sign and send the HTTP request
33 final signedRequest = await signer.sign(
34 request,
35 credentialScope: scope,
36 );
37 final resp = await signedRequest.send();
38 final respBody = await resp.decodeBody();
39 safePrint(respBody);

For a full example, check out the example project in the GitHub repo. And for specifics on the different AWS operations you can perform, check out the AWS API Reference docs for the service. For example, here are the docs for the DescribeUserPool API used above.