Signing parameters

ParameterValue
AlgorithmAWS4-ECDSA-P256-SHA256
Service nameexecute-api
Region set* (required for multi-region routing)

Java (AWS SDK v2)

byte[] payloadBytes = jsonPayload.getBytes(StandardCharsets.UTF_8);
ContentStreamProvider bodyProvider = () -> new ByteArrayInputStream(payloadBytes);

SdkHttpFullRequest request = SdkHttpFullRequest.builder()
    .method(SdkHttpMethod.POST)
    .uri(URI.create("https://na.telematics.transportation.amazon.dev/v2/telemetry"))
    .putHeader("Content-Type", "application/json")
    .contentStreamProvider(bodyProvider)
    .build();

var credentials = (AwsCredentialsIdentity) DefaultCredentialsProvider.create()
    .resolveIdentity().join();

var signedRequest = (SdkHttpFullRequest) AwsV4aHttpSigner.create().sign(
    SignRequest.builder(credentials)
        .request(request)
        .payload(bodyProvider)  // required — hashes body into x-amz-content-sha256
        .putProperty(AwsV4aHttpSigner.SERVICE_SIGNING_NAME, "execute-api")
        .putProperty(AwsV4aHttpSigner.REGION_SET, RegionSet.GLOBAL)
        .build()
).request();

⚠️ .payload(bodyProvider) is required. Without it, x-amz-content-sha256 will contain the empty-string hash and the signature will be rejected with a 403.

Maven dependencies

<dependency>
  <groupId>software.amazon.awssdk</groupId>
  <artifactId>http-auth-aws</artifactId>
</dependency>
<dependency>
  <groupId>software.amazon.awssdk</groupId>
  <artifactId>http-auth-aws-crt</artifactId>
</dependency>
<dependency>
  <groupId>software.amazon.awssdk.crt</groupId>
  <artifactId>aws-crt</artifactId>
  <version>0.31.3</version>
</dependency>