
SSL does not work for the ECS Server with AWS Python/boto3 SDK

Open: synfinatic opened this issue 1 year ago • 1 comment

Due to a bug/limitation in the AWS Boto3 SDK (unsure about other SDKs), users are unable to set the required environment variable to: https://localhost:4144 as documented. Opened a ticket with AWS on the issue here: https://github.com/aws/aws-cli/issues/9016

Until this issue is resolved upstream, aws-sso-cli users using the ECS server must:

  1. Not enable/use SSL. Do not run aws-sso ecs cert load to load an SSL cert/private key
  2. Use AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:4144/

If you wish to manually add the certificate to the AWS SDK CA bundle or have the means to use a certificate signed by a trusted CA, you can use aws-sso ecs cert load --force ... to load the necessary private key and certificate.

TBD: Does this issue impact other AWS SDKs (Go, Java, etc.)?

synfinatic, Jul 05 '24 17:07

Tested with the Go SDK v2 and doesn't work there either. :(

synfinatic, Jul 06 '24 21:07
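An added example, not part of the issue or of the aws-sso-cli project: a Python check for the workaround in the issue description. It accepts a plain-HTTP `AWS_CONTAINER_CREDENTIALS_FULL_URI` only when the host is loopback, so the credentials served by the ECS server stay on the machine. The function name and status strings are hypothetical, and the loopback-only rule is this example's own policy.

```python
import ipaddress
import os
from urllib.parse import urlsplit


def check_ecs_credentials_uri(uri):
    """Classify a candidate AWS_CONTAINER_CREDENTIALS_FULL_URI value.

    Returns one of (hypothetical status strings for this example):
      "ok"                - plain http to a loopback host (the workaround)
      "https-unsupported" - https, which the issue reports as not working
                            with boto3 / Go SDK v2 against the ECS server
      "cleartext-remote"  - plain http to a non-loopback host
      "bad-uri"           - missing/unknown scheme or unparsable value
    """
    try:
        parts = urlsplit(uri)
        host = parts.hostname or ""
    except ValueError:          # e.g. unbalanced IPv6 brackets
        return "bad-uri"

    if host == "localhost":
        loopback = True
    else:
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            # Other hostnames are not resolved here; treat as non-loopback.
            loopback = False

    if parts.scheme == "https":
        return "https-unsupported"
    if parts.scheme != "http" or not host:
        return "bad-uri"
    return "ok" if loopback else "cleartext-remote"


if __name__ == "__main__":
    value = os.environ.get("AWS_CONTAINER_CREDENTIALS_FULL_URI", "")
    print(f"{value!r}: {check_ecs_credentials_uri(value)}")
```
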