search

awslabs / iam-roles-anywhere-session

This package provides an easy way to create a refreshable boto3 Session with AWS Roles Anywhere.
https://awslabs.github.io/iam-roles-anywhere-session/
Apache License 2.0
44 stars 7 forks source link

Not veryfying certificates by default #13

Open vk496 opened 1 month ago

vk496 commented 1 month ago

The PR #10 introduced a feature for using custom truststore.

However URLLib3Session default parameter for verify is True (https://github.com/boto/botocore/blob/fe6e5c56c56f40e802ca6dc9b4fc6bef1ede65ee/botocore/httpsession.py#L289), meanwhile for IAMRoleAnywhereSession is None.

That means that by default, people using this library will get a error like this:

/abra/kadabra/Python/farm/lib/python3.11/site-packages/urllib3/connectionpool.py:1061: InsecureRequestWarning: Unverified HTTPS request is being made to host 'rolesanywhere.us-east-1.amazonaws.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings

Workaround until is fixed is explicitly set verify=True

vk496 commented 1 month ago

Note: The verify=None works as expected with all other related boto sessions. It only happens with IAMRolesAnywhereSession()