Overbearing proxy server and details of hostname(s)

trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.

https://awsu.me

MIT License

497 stars 90 forks source link

Overbearing proxy server and details of hostname(s) #17

Closed jlucktay closed 6 years ago

jlucktay commented 6 years ago

Hi there, I'm working on a client site with a very restrictive proxy server setup.

It's a cluster of poorly-configured BlueCoat instances and they are interfering with our traffic to AWS, and sometimes blocking the requests.

I've tried divining this with the --debug option but it doesn't show me the URL(s) of the host(s) at AWS that it's attempting to contact, in order to do MFA/STS/role switch things.

Is there a short list of these URLs available somewhere, for proxy whitelisting?

felipe1982 commented 6 years ago

Could this be relevant?

http://docs.aws.amazon.com/general/latest/gr/rande.html

mbarneyjr commented 6 years ago

@jlucktay Awsume only makes calls to AWS STS using the boto3 client. Please let us know if the link @felipe1982 posted is what you are looking for, so we can close the issue.

jlucktay commented 6 years ago

There is a call to Boto3 from Awsume here with the region for STS hard-coded to us-east-1 so I'm going to see about having the below domains whitelisted, then see how we go:

sts.amazonaws.com
sts.us-east-1.amazonaws.com