Basic Authentication Process
Following is the series of tasks required to authenticate requests to AWS using an HMAC-SHA request signature. It's assumed you have already created an AWS account and created an Access Key ID and Secret Access Key. For more information about those, see Your AWS Account and Your Access Keys.
You perform the first three tasks.
Process for Authentication: Tasks You Perform
You construct a request to AWS.
You calculate a keyed-hash message authentication code (HMAC-SHA) signature using your Secret Access Key (for information about HMAC, see http://www.faqs.org/rfcs/rfc2104.html)
You include the signature and your Access Key ID in the request, and then send the request to AWS.
AWS performs the next three tasks.
Process for Authentication: Tasks AWS Performs
AWS uses the Access Key ID to look up your Secret Access Key.
AWS generates a signature from the request data and the Secret Access Key using the same algorithm you used to calculate the signature you sent in the request.
If the signature generated by AWS matches the one you sent in the request, the request is considered authentic. If the comparison fails, the request is discarded, and AWS returns an error response.