- Notifications
You must be signed in to change notification settings - Fork97
curl-like access to AWS resources with AWS Signature Version 4 request signing.
License
NotificationsYou must be signed in to change notification settings
okigan/awscurl
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
curl-like tool with AWS Signature Version 4 request signing.
- performs requests to AWS services with request signing using curl interface
- supports IAM profile credentials
Requests to AWS API must be signed (seeSigning AWS API Requests)automates the process of signing and makes requests to AWS as simple as a standard curl command.
pip install awscurl
pip install git+https://github.com/okigan/awscurl
brew install awscurl
docker pull okigan/awscurl# or via docker pull ghcr.io/okigan/awscurlor via Github docker registry
docker pull ghcr.io/okigan/awscurl
then
$ docker run --rm -it okigan/awscurl --access_key ACCESS_KEY --secret_key SECRET_KEY --service s3 s3://...# or allow access to local credentials as following$ docker run --rm -it -v"$HOME/.aws:/root/.aws" okigan/awscurl --service s3 s3://...
To shorten the length of docker commands use the following alias:
alias awscurl='docker run --rm -ti -v "$HOME/.aws:/root/.aws" -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SECURITY_TOKEN -e AWS_PROFILE okigan/awscurl'
This will allow you to run awscurl from within a Docker container as if it was installed on the host system:
awscurl
Call S3: List bucket content
$ awscurl --service s3'https://awscurl-sample-bucket.s3.amazonaws.com'| tidy -xml -iq<?xml version="1.0" encoding="utf-8"?><ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>awscurl-sample-bucket</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated><Contents><Key>awscurl-sample-file.txt</Key><LastModified>2017-07-25T21:27:38.000Z</LastModified><ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag><Size>0</Size><StorageClass>STANDARD</StorageClass></Contents></ListBucketResult>
Call EC2:
$ awscurl --service ec2'https://ec2.amazonaws.com?Action=DescribeRegions&Version=2013-10-15'| tidy -xml -iq<?xml version="1.0" encoding="utf-8"?><DescribeRegionsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-15/"><requestId>96511ccd-2d6d-4d63-ad9b-6be6f2c9874d</requestId><regionInfo><item><regionName>eu-north-1</regionName><regionEndpoint>ec2.eu-north-1.amazonaws.com</regionEndpoint></item><item><regionName>ap-south-1</regionName><regionEndpoint>ec2.ap-south-1.amazonaws.com</regionEndpoint></item></regionInfo></DescribeRegionsResponse>
Call API Gateway:
$ awscurl --service execute-api -X POST -d @request.json \ https://<prefix>.execute-api.us-east-1.amazonaws.com/<resource>
usage: __main__.py [-h] [-v] [-i] [-X REQUEST] [-d DATA] [-H HEADER] [-k] [--fail-with-body] [--data-binary] [--region REGION] [--profile PROFILE] [--service SERVICE] [--access_key ACCESS_KEY] [--secret_key SECRET_KEY] [--security_token SECURITY_TOKEN] [--session_token SESSION_TOKEN] [-L] [-o<file>] uriCurl AWS request signingpositional arguments: urioptions: -h, --help show thishelp message andexit -v, --verbose verbose flag (default: False) -i, --include include headersin the output (default: False) -X REQUEST, --request REQUEST Specify requestcommand to use (default: GET) -d DATA, --data DATA HTTP POST data (default: ) -H HEADER, --header HEADER HTTP header (default: None) -k, --insecure Allow insecure server connections when using SSL (default: False) --fail-with-body Fail on HTTP errors but save the body (default: False) --data-binary Process HTTP POST data exactly as specified with no extra processing whatsoever. (default: False) --region REGION AWS region [env var: AWS_DEFAULT_REGION] (default: us-east-1) --profile PROFILE AWS profile [env var: AWS_PROFILE] (default: default) --service SERVICE AWS service (default: execute-api) --access_key ACCESS_KEY [env var: AWS_ACCESS_KEY_ID] (default: None) --secret_key SECRET_KEY [env var: AWS_SECRET_ACCESS_KEY] (default: None) --security_token SECURITY_TOKEN [env var: AWS_SECURITY_TOKEN] (default: None) --session_token SESSION_TOKEN [env var: AWS_SESSION_TOKEN] (default: None) -L, --location Follow redirects (default: False) -o<file>, --output<file> Write to file instead of stdout (default: ) In general, command-line values override environment variables which override defaults.
If you do not specify the--access_key or--secret_key(or environment variables),awscurl will attempt to usethe credentials you set in~/.aws/credentials. If youdo not specify a--profile orAWS_PROFILE,awscurlusesdefault.
- AWS Documentation
- Onica blog
- QnA onStackOverflow
- QnA onDevOps StackExchange
- Examples onGolfbert
- awscurl in Go:
- awscurl in Lisp:https://github.com/aw/picolisp-awscurl
- awscurl on DockerHub:https://hub.docker.com/r/okigan/awscurl
- aws-signature-proxy and relatedblog post
- aws-sigv4-proxy on awslabs
About
curl-like access to AWS resources with AWS Signature Version 4 request signing.