Due to a bug/limitation in the AWS Boto3 SDK (unsure about other SDKs), users are unable to set the required environment variable to https://localhost:4144 as documented. Opened a ticket with AWS on the issue here: https://github.com/aws/aws-sdk/issues/774
Until this issue is resolved upstream, aws-sso-cli users using the ECS server must:
Not enable/use SSL. Do not run aws-sso ecs cert load to load an SSL cert/private key
Use AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:4144/
If you wish to manually add the certificate to the AWS SDK CA bundle or have the means to use a certificate signed by a trusted CA, you can use aws-sso ecs cert load --force ... to load the necessary private key and certificate.
TBD: Does this issue impact other AWS SDKs (Go, Java, etc.)?
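A preflight check for the workaround above, as an added example (not code from aws-sso-cli or the AWS SDK). The function name `check_uri` and the loopback-only rule are assumptions of this example: because the workaround uses plain http, the check insists that the credentials endpoint stays on the local host.

```python
import os
from ipaddress import ip_address
from urllib.parse import urlsplit

ENV_VAR = "AWS_CONTAINER_CREDENTIALS_FULL_URI"


def check_uri(uri):
    """Return a list of problems; an empty list means the URI matches the workaround."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""

    # Per the page: https is not usable with Boto3 until the upstream issue is resolved.
    if parts.scheme == "https":
        problems.append("https is affected by the upstream SDK issue; use http for now")
    elif parts.scheme != "http":
        problems.append(f"unexpected scheme {parts.scheme!r}")

    # Assumption of this example: without TLS, credentials must not leave the host,
    # so only 'localhost' or a loopback IP literal is accepted (no DNS lookups).
    if host != "localhost":
        try:
            is_loopback = ip_address(host).is_loopback
        except ValueError:
            is_loopback = False
        if not is_loopback:
            problems.append(f"host {host!r} is not loopback; cleartext credentials would leave this machine")
    return problems


if __name__ == "__main__":
    value = os.environ.get(ENV_VAR, "")
    issues = check_uri(value)
    if issues:
        for issue in issues:
            print(f"{ENV_VAR}={value!r}: {issue}")
        raise SystemExit(1)
    print(f"{ENV_VAR}={value!r}: OK")
```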