From 26a730bf55617adb2c853af269c41b93169a73ba Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 30 Dec 2024 11:27:03 +0100
Subject: [PATCH] http/auth.md: mention AWS sigv4

Fixes #472
---
 http/auth.md | 26 ++++++++++++++++++++++++++
 index-words  |  2 ++
 2 files changed, 28 insertions(+)

diff --git a/http/auth.md b/http/auth.md
index 677f854108..f95fb41f68 100644
--- a/http/auth.md
+++ b/http/auth.md
@@ -55,3 +55,29 @@ ask for those methods too specifically:
     curl --digest --user daniel:secret http://example.com/
     curl --negotiate --user daniel:secret http://example.com/
     curl --ntlm --user daniel:secret http://example.com/
+
+## AWS sigv4
+
+The defacto authentication standard *AWS sigv4* is a little different than the
+other HTTP authentication mechnisms and thus you also use it differently.
+
+This option takes an additional string argument where you provide one or more
+data fields for the operation, separated by colons: *provider 1*, *provider
+2*, *region* and *service*.
+
+- *provider* are strings used by the algorithm when creating outgoing
+  authentication headers.
+
+- *region* is a name that points to a geographic area of a resource collection
+(region-code) when the region name is omitted from the endpoint.
+
+- *service* is a string that points to a function provided by a cloud
+(service-code) when the service name is omitted from the endpoint.
+
+Only the *provider 1* is mandatory to provide. The others are otherwise
+extracted from the hostname used in the URL.
+
+Example:
+
+    curl --aws-sigv4 "aws:amz:us-east-2:es" --user "key:secret" \
+        https://example.com
diff --git a/index-words b/index-words
index 57c958a786..97cc2d2850 100644
--- a/index-words
+++ b/index-words
@@ -2,6 +2,7 @@
 --alt-svc
 --anyauth
 --append
+--aws-sigv4
 --basic
 --ca-native
 --compressed
@@ -120,6 +121,7 @@
 ALPN
 apt
 Arch Linux
+AWS sigv4
 BearSSL
 bindings
 BoringSSL