aws/session-manager-plugin

Session Manager Plugin does not honor AWS_CA_BUNDLE / --ca-bundle

kjamieson-sdm opened this issue · 2 comments

Unlike other AWS CLI commands, aws ssm start-session does not currently honor the AWS_CA_BUNDLE environment variable / --ca-bundle CLI option to override the CA certificate bundle used to verify SSL certificates. session-manager-plugin appears to always use the default system root CA certificate bundle regardless of these parameters.

I'm running into this as well. It caused a bit of confusion since it isn't working like the rest of the AWS CLI.

```
(py39) bash-4.4$ cat errors.log
2023-05-16 21:41:43 ERROR [OpenConnection @ websocketutil.go.63] Failed to dial websocket: x509: certificate signed by unknown authority
2023-05-16 21:41:43 ERROR [OpenDataChannel @ sessionhandler.go.49] Retrying connection for data channel id: botocore-session-1684273292-0b849af47232a9d46 failed with error: failed to open data channel with error: x509: certificate signed by unknown authority
2023-05-16 21:41:43 ERROR [OpenConnection @ websocketutil.go.63] Failed to dial websocket: x509: certificate signed by unknown authority
2023-05-16 21:41:44 ERROR [OpenConnection @ websocketutil.go.63] Failed to dial websocket: x509: certificate signed by unknown authority
2023-05-16 21:41:44 ERROR [OpenConnection @ websocketutil.go.63] Failed to dial websocket: x509: certificate signed by unknown authority
2023-05-16 21:41:45 ERROR [OpenConnection @ websocketutil.go.63] Failed to dial websocket: x509: certificate signed by unknown authority
2023-05-16 21:41:47 ERROR [OpenConnection @ websocketutil.go.63] Failed to dial websocket: x509: certificate signed by unknown authority
2023-05-16 21:41:50 ERROR [OpenConnection @ websocketutil.go.63] Failed to dial websocket: x509: certificate signed by unknown authority
```