okigan/awscurl

Proposal: Allow modifying signature hostname

speller opened this issue · 13 comments

I'm trying to run awscurl to perform requests to the ES service through an SSH tunnel. The tunnel opens a local port connected to the ES service 443 port on the API endpoint. The tunnel is required to connect to a service not available to the public. The issue is that awscurl creates a signature using the URL passed on the CLI. But the service hostname and port are different from the local URL. I need to make a signature using the real API endpoint, not using the local one. It would be nice to add this feature.

Answering my own question - it's possible to do with the host header passed. But the only issue is that the header name must be lower-case. This will not work: -H "Host: $ES_HOST".

Also, documenting this would be very helpful.

I think I’ve heard of something similar. Is that the same as specifying HOST header (different than hostname in the URL)?

Yes, the same. I just described why I need that. My actual URL passed to awscurl is something like https://host.docker.internal:10443. But the signature must be created for the real service API endpoint hostname.

Another minor suggestion: don't include the 443 port in the hostname used in the signature if it was explicitly specified along with the https protocol. Using vpc-***.***.es.amazonaws.com:443 as the hostname in the signature causes validation failure.

Are you using the latest version? I remember adding case-insensitive logic before.

I'm using the latest version in the Docker container.

@speller review the above please

@speller Bumping up old thread. Would you review the above for the upcoming release?

@okigan sorry for the late reply. It seems trimming the default port should solve the issue.

Branch merged -- closing issue.
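
The behaviour discussed in this thread, as an added example (not awscurl's own code): a SigV4 signer that takes the signing host from a Host header in any letter case and trims the scheme's default port, so a request sent through the tunnel signs the same as one sent directly. The function names, the hostname, the key and the date are constructed for illustration; the example assumes an empty body and no query string.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def signing_host(url, headers):
    """Host value to sign: a Host header in any letter case overrides the
    URL host, and the scheme's default port is trimmed."""
    scheme = urlsplit(url).scheme
    override = next((v for k, v in headers.items() if k.lower() == "host"), None)
    target = urlsplit(f"{scheme}://{override.strip()}" if override else url)
    host = f"[{target.hostname}]" if ":" in target.hostname else target.hostname
    if target.port is None or target.port == DEFAULT_PORTS.get(scheme):
        return host
    return f"{host}:{target.port}"

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(method, url, headers, secret_key, amz_date, region, service):
    """SigV4 signature over host and x-amz-date for a request with an empty
    body and no query string (simplifications made for this example)."""
    host = signing_host(url, headers)
    canonical_request = "\n".join([
        method,
        urlsplit(url).path or "/",
        "",                                        # empty canonical query string
        f"host:{host}\nx-amz-date:{amz_date}\n",   # canonical headers
        "host;x-amz-date",                         # signed headers
        hashlib.sha256(b"").hexdigest(),           # hash of the empty payload
    ])
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

# Constructed sample values; not real endpoints or credentials.
ES_HOST = "vpc-example.us-east-1.es.amazonaws.com"
TUNNEL_URL = "https://host.docker.internal:10443/_cat/indices"
ARGS = ("EXAMPLE-SECRET-KEY", "20240101T000000Z", "us-east-1", "es")
```

Signing the tunnel URL without a Host header puts `host.docker.internal:10443` into the canonical request, which yields a different signature from the one computed for the real endpoint.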