Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to specify endpoint-url in profile #1270

Closed
StFS opened this issue Apr 7, 2015 · 101 comments
Closed

Ability to specify endpoint-url in profile #1270

StFS opened this issue Apr 7, 2015 · 101 comments
Labels
configuration feature-request A feature should be added or improved. p2 This is a standard priority issue

Comments

@StFS
Copy link

StFS commented Apr 7, 2015

Currently I don't seem to be able to specify an endpoint URL in my profile. I always have to specify the --endpoint-url option on the command line.

I would like to be able to do something like the following (in my ~/.aws/config file):

[default]
region = us-east-1
output = json

[profile nextcode]
region = myregion-1a
output = json
endpoint-url = http://c.my.other.aws.compatable.service.com
@kyleknap
Copy link
Contributor

kyleknap commented Apr 7, 2015

@StFS
If you do not mind me asking, what is the specific use case do you need it for (like which service or services would you plan to use it for)? The thing with --endpoint-url is that the value set will most likely not apply across differing services. So if you configure a global endpoint url, it may work for one service, but you will run into errors if you try to make requests to other services.

I could see having a per-service configuration for endpoint-url, but I am having trouble imagining a global endpoint-url across all AWS services.

@kyleknap kyleknap added response-needed feature-request A feature should be added or improved. labels Apr 7, 2015
@StFS
Copy link
Author

StFS commented Apr 7, 2015

Thanks for your reply.

Basically, we use AWS for some things but we also have our own EC2/S3 compatable private cloud setup (we're using https://qstack.com/).

Maybe I'm misunderstanding something with this. I know that the endpoints seem to differ between whether you're "talking" S3 or EC2. Basically I think I want to be able to point one of my profiles to a different "set" of endpoints. The aws cli tool works fine for our AWS account, but when I want to use it for our private cloud setup I always have to specify both --profile (to get the credentials right) and --endpoint-url (so that aws contacts our private cloud endpoint instead of the AWS ones).

@StFS
Copy link
Author

StFS commented Apr 8, 2015

@kyleknap Am I totally out there with this?

@kyleknap
Copy link
Contributor

kyleknap commented Apr 8, 2015

@StFS
Your use case makes sense to me. I am not sure how many users have a similar use case. I think if we were to add it as a feature we would be more inclined to do it per service, instead of setting a global value for endpoint url. The good news is that if we were to add this feature you would be able to configure the endpoint url for each service per profile (so you can still just use --profile and not have to include --endpoint-url).

Marking as feature request.

@StFS
Copy link
Author

StFS commented Apr 10, 2015

Ok thanks for the response again.

I'm a bit confused about these endpoints. It seems that for AWS the endpoint may change depending on what region you're using and also what service you're using.

For us, we would only need to specify ec2_endpoint and s3_endpoint, is that what you mean by "per service"? Are there other services than EC2 and S3? I think I've seen something involving user management as well but I'm not quite sure.

@jerrycattell
Copy link

We have a similar use case (S3 alternative in Canada), and we would love to be able to configure the endpoint-url in the config file. Even if that means having a separate profile per service (currently it is only used for object storage), it would allow us to use the same commands in all of our environments.

@kennu
Copy link

kennu commented Oct 25, 2015

I think this would also be useful for configuring a "local" profile for accessing DynamoDB Local. Currently you have to write something like

aws --profile local --endpoint-url http://localhost:8000 dynamodb list-tables

@viniciussbs
Copy link

Same case here, @kennu. I have to set endpoint-url everytime I need to run some command on dynamodb-local.

I would love to set http://localhost:8000 as my default endpoint-url for dynamodb and set a blank endpoint-url to an production profile. It's more error-proof.

@mathurasri
Copy link

How to set dyanmodb local endpoint-url ? I am using ubuntu OS.

@shravanpn7
Copy link

+1 for feature-request.

I am currently using aws cli to access minio.io server and specifying --endpoint-url every time is a pain.

@slejworks
Copy link

I need this also, connecting to local dnyamodb and I don't want to specify the endpoint for each cmd, simple entry into the config will work for me so I can concentrate on the command. thanks.

@christians3
Copy link

+1 for this feature of allowing endpoint-url in the configuration file.

@philloooo
Copy link

if accepting endpoint-url on the top level doesn't make sense, what about accepting it on service level?
eg:

[profile development]
aws_access_key_id=foo
aws_secret_access_key=bar
s3 =
  endpoint-url = test.org

@jhalterman
Copy link

Similar use case, pointing to a Eucalyptus cloud. Would be nice to have a per-service config for endpoint-url.

@lincolnthomas
Copy link

How about also for the convenience of not having to type the --endpoint on the cmdline?

@wrsuarez
Copy link

+1

@jmarshall
Copy link

We have a third-party library that (as a minor aspect of its remote data access facilities) itself parses ~/.aws/credentials in order to construct the HTTP headers to access data in S3 buckets. Similarly to this issue, our users want to access their own S3-compatible data stores (cf samtools/htslib#436) and it would be useful if there were a standard well-known configuration file setting name for this purpose.

@jedi4ever
Copy link

👍

@tomviner
Copy link

We also have this use case, except our S3-like-service has a different authorisation scheme (a simple authorization: <token> header). How are people using aws-cli to authorise against their S3-like-services?

@wbingli
Copy link
Contributor

wbingli commented Jan 2, 2017

Check out this awscli plugin to set endpoint on profile: https://github.com/wbingli/awscli-plugin-endpoint

Once you install(pip install awscli-plugin-endpoint) and config plugin(aws configure set plugins.endpoint awscli_plugin_endpoint), you can set endpoint in your profile per service as following:

[profile local]
dynamodb =
    endpoint_url = http://localhost:8000

Now you can run command with this endpoint for this service with only profile name:

aws dynamodb list-tables --profile local

See more details on project homepage(https://github.com/wbingli/awscli-plugin-endpoint).

Let me know your feedback, :)

jmarshall added a commit to samtools/htslib that referenced this issue Jan 9, 2017
Allow the user to specify an endpoint other than s3.amazonaws.com.
This can be set using ~/.s3cfg's host_base setting (only; we ignore
host_bucket); when there's a blessed setting key for .aws/credentials,
we'll support it there too (perhaps endpoint_url; cf aws/aws-cli#1270).

Fixes (part of) #436.
@RichardBronosky
Copy link
Contributor

Just to be clear, this is not only a benefit for people who are running AWS-compatible competitive products. It would also benefit those of us who are trying to use Amazon tools for local/offline development. http://stackoverflow.com/a/32260680/117471 is an example with DynamoDB. Using different profiles allows us to run our code with different configs for different environments. Not allowing endpoint_url to be specified in ~/.aws/config means that we have to build logic into our apps to follow a different (although small) path depending on the environment. That is something that should be avoided.

@artgromov
Copy link

that is why i haven't migrate to aws-cli v2 yet

@ctavplay
Copy link

I have a slightly different use-case similar to @flickerfly's. Curious to hear if folks think I should file a separate issue.

This comes up when:

  • calling an API in one region from within a VPC that's in another, and
  • assuming a role before-hand by specifying the role_arn, role_session_name and credentials_source, in ~/.aws/config, and
  • the role being assumed has a condition requiring the use of the STS VPC endpont in your VPC

There appears to be no way for me to specify the specific STS endpoint to use in the config file.

Here's some sample code:

~/.aws/config

[default]
region = us-east-1
sts_regional_endpoints = regional
credential_source = EcsContainer
role_arn = arn:aws:iam::11111111:role/my_role
role_session_name = my_session

my_role's trust relationship:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::22222222:role/my-ecs-task"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-01234deadbeef"
        }
      }
    }
  ]
}

Code running in the VPC containing the required STS VPC endpoint

$ aws --region us-west-2 s3 ls

The above errors out because the role can't be assumed.

@ctavplay
Copy link

Filed a new issue with a more targeted ask: #6754

@kellertk
Copy link
Contributor

Thank you for posting your feedback here, and our apologies that we’ve been thinking this over for a long time without much forward motion. There are similar requests to implement this feature in a few of the AWS SDKs and the AWS CLI, so in order to coordinate those teams - and hopefully make the discussions a little easier to follow - we’ve created a new issue in aws/aws-sdk here: aws/aws-sdk#229

@aws aws locked as resolved and limited conversation to collaborators Apr 26, 2022
@kdaily
Copy link
Member

kdaily commented May 12, 2022

Hi all,

We recently added a pull request (aws/aws-sdk#230) that contains a proposal based on community comments and suggestions and our own discussions. This document proposes to extend the options for configuring the endpoint to allow users to provide an endpoint URL independently for each AWS service via an environment variable or a profile subsection in the shared configuration file.

You can read the proposal here.

For more information on how to give feedback, please see this comment on the aws/aws-sdk repository:

aws/aws-sdk#229 (comment)

Thanks!

@kdaily
Copy link
Member

kdaily commented Jul 7, 2023

I'm happy to announce that the ability to configure the endpoint URL via the shared configuration file and environment variables is now available in the AWS CLI v1 and v2! You can now specify the endpoint to use for all service requests through the shared configuration file and environment variables, as well as specify the endpoint URL for individual AWS services.

To start using this feature, install the AWS CLI >=1.29.0 or >=2.13.0.

To read more about this feature, see the documentation page "Service-specific Endpoints" in the AWS SDKs and Tools Reference Guide:

https://docs.aws.amazon.com/sdkref/latest/guide/feature-ss-endpoints.html

Look forward to a blog post demonstrating the use of this feature with the AWS CLI on the AWS Developer Tools Blog!

@kdaily kdaily closed this as completed Jul 7, 2023
@github-actions
Copy link

github-actions bot commented Jul 7, 2023

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

@kdaily
Copy link
Member

kdaily commented Jul 28, 2023

I'm excited to announce that we have published an AWS Developer Blog post about this feature. Let us know in the feedback links on the post what you think!

https://aws.amazon.com/blogs/developer/new-improved-flexibility-when-configuring-endpoint-urls-with-the-aws-sdks-and-tools/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
configuration feature-request A feature should be added or improved. p2 This is a standard priority issue
Projects
None yet
Development

No branches or pull requests