AWS Signature Version 4 Using Named Credentials [duplicate]

Anyone tried Summer ’19 Named Credentials using AWS Signature Version 4 successfully? Trying again to use External Services and first step is the Credentials.

I created an IAM user with the appropriate perms and tested user successfully. Haven’t seen any Salesforce documentation on using this for Named Credentials, Ive seen the Apex examples there and here this is diff. We are using

Certificate: (blank)
Identity Type: Named Principal
Authentication Protocol: AWS Signature Version 4
AWS Access Key Id: 12345
AWS Secret Access Key: *****
AWS Region: us-east-1
AWS Service: mturk-requester

Was very unsure on these settings

Generate Authorization Header: TRUE
Allow Merge Fields in HTTP Header: TRUE
Allow Merge Fields in HTTP Body: TRUE

Got AWS region and name from

When trying to test this in Anonymous Apex getting

[7]|System.HttpResponse[Status=Forbidden, StatusCode=403]

When trying to run in Flow Debug mode am getting error:

System.CalloutException: Received error response – Invalid parameter
value “[hidden]” for parameter “Decryption Exception”..

The JSON isn’t correct so don’t expect it to work but hoping for a valid connection.


Got a PUT working for s3 today using AWS Signature Version 4 and then did some testing.

Generate authorization header must be checked on the named credential, else you will get access denied error.

The other two options (Allow Merge Fields in HTTP Header.Allow Merge Fields in HTTP Body) did not have any impact on my tests.

For s3, the url in the named credential itself must specify the bucket name, as the path per [the docs] is ( is

I have not used mturk so cant speak to that, but hopefully this is helpful.

Source : Link , Question Author : ddeve , Answer Author : gorav

Leave a Comment