Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Feb 21, 2024

Escape hatch

As an alternative to the Amplify client libraries, or in situations where the libraries do not provide the functionality you require, the underlying AWS services can be communicated with directly using an HTTP client and the AWS Signature V4 (SigV4) package.

Using the Signer

To get started using the signer, add it as a dependency in your pubspec.yaml like the following:

aws_common: ^0.4.0
aws_signature_v4: ^0.3.0

After that create an instance of the signer in your project.

import 'package:aws_signature_v4/aws_signature_v4.dart';
const signer = AWSSigV4Signer();

AWS credentials are configured in the signer by overriding the credentialsProvider parameter of the constructor. By default, the signer pulls credentials from your environment via the AWSCredentialsProvider.environment() provider. On mobile and web, this means using the Dart environment which is configured by passing the dart-define flag to your flutter commands, like the following:

$ flutter run --dart-define=AWS_ACCESS_KEY_ID=... --dart-define=AWS_SECRET_ACCESS_KEY=...

On Desktop, credentials are retrieved from the system's environment using Platform.environment.

Signing a Request

The signer works by transforming HTTP requests using your credentials to create signed HTTP requests which can be sent off in the same way as normal HTTP requests.

As an example, here's how you would sign a request to Cognito to gather information about a User Pool.

import 'dart:convert';
import 'package:aws_common/aws_common.dart';
import 'package:aws_signature_v4/aws_signature_v4.dart';
// Create the signer instance with credentials from the environment.
const AWSSigV4Signer signer = AWSSigV4Signer(
credentialsProvider: AWSCredentialsProvider.environment(),
// Create the signing scope and HTTP request
const region = '<YOUR-REGION>';
Future<void> main() async {
final scope = AWSCredentialScope(
region: region,
service: AWSService.cognitoIdentityProvider,
final request = AWSHttpRequest(
uri: Uri.https('cognito-idp.$', '/'),
headers: const { 'AWSCognitoIdentityProviderService.DescribeUserPool',
AWSHeaders.contentType: 'application/x-amz-json-1.1',
body: json.encode({
'UserPoolId': '<YOUR-USER-POOL-ID>',
// Sign and send the HTTP request
final signedRequest = await signer.sign(
credentialScope: scope,
final resp = await signedRequest.send();
final respBody = await resp.decodeBody();

For a full example, check out the example project in the GitHub repo. And for specifics on the different AWS operations you can perform, check out the AWS API Reference docs for the service. For example, here are the docs for the DescribeUserPool API used above.