• Stars
    star
    195
  • Rank 199,374 (Top 4 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created almost 8 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An awscli plugin to configure service endpoint from aws configure file

awscli-plugin-endpoint

This awscli plugin provides service endpoint configuration per service on profile.


Installation

The easiest way to install awscli-plugin-endpoint is to use pip:

$ pip install awscli-plugin-endpoint

You can also install the latest package from GitHub source which can contain changes not yet pushed to PyPI:

$ pip install git+https://github.com/wbingli/awscli-plugin-endpoint.git

or, if you install awscli via Homebrew, which bundles its own python, install as following:

$ /usr/local/opt/awscli/libexec/bin/pip install awscli-plugin-endpoint

Regardless of the installation method, make note of the package installation path (e.g. ~/Library/Python/3.7/lib/python/site-packages). It will be needed if you are using AWS CLI v2.


Getting Started

Before using awscli-plugin-endpoint plugin, you need to configure awscli first.

MUST: Once that's done, to enable awscli-plugin-endpoint plugin, you can run:

$ aws configure set plugins.endpoint awscli_plugin_endpoint

The above command adds below section to your aws config file. You can also directly edit your ~/.aws/config with below configuration.

[plugins]
endpoint = awscli_plugin_endpoint

If you are configuring AWS CLI v2 to use the endpoint plugin, you will need to add an additional configuration setting, replacing "site-packages-path" with the installation path noted above:

$ aws configure set plugins.cli_legacy_plugin_path site-packages-path

The configuration file will now have two values in the plugin section:

[plugins]
endpoint = awscli_plugin_endpoint
cli_legacy_plugin_path = site-packages-path

To add endpoint configure to a profile(assuming you have a local profile), you can run:

$ aws configure --profile local set dynamodb.endpoint_url http://localhost:8000

The above command adds below section to your profile:

[profile local]
dynamodb =
    endpoint_url = http://localhost:8000

Now you can access your local dynamodb just use profile:

$ aws dynamodb list-tables --profile local

One more example with S3 configuration

Add endpoint configuration to the profile:

$ aws configure --profile wasabi set s3.endpoint_url https://s3.wasabisys.com

The profile will looks like below:

[profile wasabi]
region = us-east-1
s3 =
    endpoint_url = https://s3.wasabisys.com

Now you can use aws s3 command with this profile as following:

$ aws s3 ls --profile wasabi

One more thing, the endpoint is technically per sub command. Take S3 as example, above S3 configuration will not work for S3 low level CLI aws s3api. To make s3api work with this endpoint, you should add endpoint to this sub command as well:

[profile wasabi]
region = us-east-1
s3 =
    endpoint_url = https://s3.wasabisys.com
s3api =
    endpoint_url = https://s3.wasabisys.com

Now you can use aws s3api command with this profile as following:

$ aws s3api --profile wasabi list-buckets

Working with Secure Connections

By default, awscli verifies the certificates presented for all HTTPS requests. There are two options for working with self-signed or otherwise untrusted certificates:

  • ca_bundle

    If the certificate is long-lived, or any new certificates will be issued by a long-lived certificate authority, you may want to provide an alternate set of trusted certificates with ca_bundle. This is comparable to the --ca-bundle command line option, and may be specified either per-profile or per-subcommand:

    [profile local1]
    ca_bundle = /path/to/bundle.crt
    s3 =
        endpoint_url = https://localhost:8000
    
    [profile local2]
    ec2 =
        ca_bundle = /path/to/another-bundle.crt
        endpoint_url = https://localhost:8888
    
  • verify_ssl

    If the certificate will be frequently refreshed, you may want to simply disable verification with verify_ssl = false. This is comparable to the --no-verify-ssl command line option:

    [profile local]
    dynamodb =
        verify_ssl = false
        endpoint_url = https://localhost:8000