synfinatic / aws-sso-cli

A powerful tool for using AWS Identity Center for the CLI and web console.
https://synfinatic.github.io/aws-sso-cli/
GNU General Public License v3.0

SSL does not work for the ECS Server with AWS Python/boto3 SDK #936

Open synfinatic opened 2 months ago

synfinatic commented 2 months ago

Due to a bug/limitation in the AWS Boto3 SDK (unsure about other SDKs), users are unable to set the required environment variable to: https://localhost:4144 as documented. Opened a ticket with AWS on the issue here: https://github.com/aws/aws-sdk/issues/774

Until this issue is resolved upstream, aws-sso-cli users using the ECS server must:

  1. Not enable/use SSL. Do not run aws-sso ecs cert load to load an SSL cert/private key.
  2. Use AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:4144/

If you wish to manually add the certificate to the AWS SDK CA bundle or have the means to use a certificate signed by a trusted CA, you can use aws-sso ecs cert load --force ... to load the necessary private key and certificate.

TBD: Does this issue impact other AWS SDKs (Go, Java, etc.)?

synfinatic commented 2 months ago

Tested with the Go SDK v2 and doesn't work there either. :(
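
A pre-flight check for the workaround in the opening comment, added here as an example and not part of the issue or of aws-sso-cli: because the workaround sends credentials over plain HTTP, it verifies that the URI stays on the loopback interface. The function names and the default port (taken from the URI in the issue) are assumptions.

```python
import ipaddress
import os
from urllib.parse import urlsplit

ENV_VAR = "AWS_CONTAINER_CREDENTIALS_FULL_URI"


def _is_loopback(host):
    """True for 'localhost' or a literal loopback IP; other names are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_ecs_uri(uri, expected_port=4144):
    """Return a list of problems with the URI under the no-SSL workaround ([] = OK).

    expected_port defaults to the port in the issue's URI (assumption: the
    ECS server listens there on this machine).
    """
    problems = []
    parts = urlsplit(uri)
    if parts.scheme == "https":
        problems.append("https scheme: the issue reports SDK failures when SSL is enabled")
    elif parts.scheme != "http":
        problems.append(f"unsupported scheme {parts.scheme!r}")
    elif not _is_loopback(parts.hostname or ""):
        # Plain HTTP is only tolerable when the request never leaves this host.
        problems.append("plain HTTP to a non-loopback host: credentials would cross the network unencrypted")
    try:
        port = parts.port
    except ValueError:  # raised by urlsplit for a malformed port
        port = None
    if port != expected_port:
        problems.append(f"port is {port}, expected {expected_port}")
    return problems


if __name__ == "__main__":
    value = os.environ.get(ENV_VAR, "")
    issues = check_ecs_uri(value) if value else [f"{ENV_VAR} is not set"]
    for line in issues or ["OK: plain HTTP, loopback only"]:
        print(line)
```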