Open pabloariasmora opened 5 years ago
@pabloariasmora, can I ask why you want to disable SSL? When you do that, all of your traffic between your client and the AWS services is no longer encrypted - a significant security risk in this day and age. How would turning it off all the time benefit you? Thanks!
Thanks for the reply @bisdavid
The problem is that there is an issue in the current office that I work in with the proxy: it overrides the SSL certificates from AWS with ones provided by it (and it is going to take a while to fix), so my sam-cli cannot connect to deploy my code, because the login depends on the aws-cli, and the general process shows an SSL certificate issue. Since I'm using IntelliJ as my IDE with the AWS Toolkit plugin, I don't have access to directly control the flow for the deploy, but I do have access to the config files, so having an option in the config to recreate the same input as the args will help me out for now.
PS: I know that it is a general security risk, but I was mainly thinking that since the option is already supported as an arg, why not as an input from a config file.
@pabloariasmora - Thanks for posting this issue. I'm marking it as a feature request and needs-discussion as this is not best practice. I think the security risk outweighs the benefits and this is something we may not want to implement.
This feature should not disable SSL but just skip the cert check for self-signed cert kinds of scenarios... say your employer has an inline proxy for decrypting SSL traffic for intellectual property egress checking.
My company is using a man-in-the-middle proxy that intercepts SSL connections. I would like to have this feature as well so that I do not have to keep typing --no-verify-ssl
Another option is to trust the cert that is provided by my company inside Internet Explorer and Google Chrome
I need to use a Java client to interact with my local Minio S3 instance. In this scenario, it is very useful to have this feature.
It's been a while, any buzz on this, anybody?
Hi, ** , I'm no longer the CLI writer (I'm working on AWS Organizations and AWS Resource Groups now), but I see that ***** marked it as a feature request, so someone on the engineering team will be triaging this and considering it for a future release (I have no insight into that process, sorry). <Redacted names>
@jacobisaliveandwell how do you solve this problem before the new patch?
@pabloariasmora as a workaround, you can just add an alias something like aws="aws --no-verify-ssl" to your bashrc file
In need of this feature. Any update on this?
This feature would help with Terraform S3 endpoints that have self-signed certs. Currently there is no way of passing the --no-verify-ssl flag to Terraform. So an option to have an env var AWS_S3_NO_VERIFY_SSL=true would help a lot in this case.
The --no-verify-ssl logic already exists, so I don't imagine this to be a huge change or controversial to add an env var for the same functionality, right?
Also need this for an internally hosted S3-compatible service.
Any progress on this? Our corporate man-in-the-middle proxy twiddles with all the SSL connections for inspections, so using --no-verify-ssl is the only way we can get work actually performed while the request for a proper fix is winding its way through the bowels of the IT department. Unfortunately adding --no-verify-ssl isn't viable when some of the AWS CLI invocations are not done by humans.
Having a configuration file option or environment variable to trigger the already-existing behavior would let a lot of programmers make a lot more progress.
I believe this could alternatively be addressed by https://github.com/aws/aws-sdk/issues/748 (trusting OS certificates), but there was no answer to this either yet.
Any update on this? It is a bit strange that this command line option does not have a config file equivalent.
Hey guys! Are you thinking of doing something with it?
Hey. I tried no_verify_ssl = 1 and ssl_verify_hostname = 0 in my $HOME/.aws/config but neither worked. I guess it's not implemented yet.
This command should have the following option enabled as part of the config file:
aws s3 ls --no-verify-ssl
==============
config
[default]
ssl=False
Or something similar.