curl-like tool with AWS Signature Version 4 request signing.
- performs requests to AWS services with request signing using curl interface
- supports IAM profile credentials
Requests to AWS API must be signed (see Signing AWS API Requests) automates the process of signing and makes requests to AWS as simple as a standard curl command.
pip install awscurl
pip install git+https://github.com/okigan/awscurl
brew install awscurl
docker pull okigan/awscurl # or via docker pull ghcr.io/okigan/awscurl
or via Github docker registry
docker pull ghcr.io/okigan/awscurl
then
$ docker run --rm -it okigan/awscurl --access_key ACCESS_KEY --secret_key SECRET_KEY --service s3 s3://...
# or allow access to local credentials as following
$ docker run --rm -it -v "$HOME/.aws:/root/.aws" okigan/awscurl --service s3 s3://...
To shorten the length of docker commands use the following alias:
alias awscurl='docker run --rm -ti -v "$HOME/.aws:/root/.aws" -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SECURITY_TOKEN -e AWS_PROFILE okigan/awscurl'
This will allow you to run awscurl from within a Docker container as if it was installed on the host system:
awscurl
-
Call S3: List bucket content
$ awscurl --service s3 'https://awscurl-sample-bucket.s3.amazonaws.com' | tidy -xml -iq <?xml version="1.0" encoding="utf-8"?> <ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <Name>awscurl-sample-bucket</Name> <Prefix></Prefix> <Marker></Marker> <MaxKeys>1000</MaxKeys> <IsTruncated>false</IsTruncated> <Contents> <Key>awscurl-sample-file.txt</Key> <LastModified>2017-07-25T21:27:38.000Z</LastModified> <ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag> <Size>0</Size> <StorageClass>STANDARD</StorageClass> </Contents> </ListBucketResult>
-
Call EC2:
$ awscurl --service ec2 'https://ec2.amazonaws.com?Action=DescribeRegions&Version=2013-10-15' | tidy -xml -iq <?xml version="1.0" encoding="utf-8"?> <DescribeRegionsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-15/"> <requestId>96511ccd-2d6d-4d63-ad9b-6be6f2c9874d</requestId> <regionInfo> <item> <regionName>eu-north-1</regionName> <regionEndpoint>ec2.eu-north-1.amazonaws.com</regionEndpoint> </item> <item> <regionName>ap-south-1</regionName> <regionEndpoint>ec2.ap-south-1.amazonaws.com</regionEndpoint> </item> </regionInfo> </DescribeRegionsResponse>
-
Call API Gateway:
$ awscurl --service execute-api -X POST -d @request.json \ https://<prefix>.execute-api.us-east-1.amazonaws.com/<resource>
usage: __main__.py [-h] [-v] [-i] [-X REQUEST] [-d DATA] [-H HEADER] [-k] [--fail-with-body] [--data-binary] [--region REGION] [--profile PROFILE] [--service SERVICE]
[--access_key ACCESS_KEY] [--secret_key SECRET_KEY] [--security_token SECURITY_TOKEN] [--session_token SESSION_TOKEN] [-L] [-o <file>]
uri
Curl AWS request signing
positional arguments:
uri
options:
-h, --help show this help message and exit
-v, --verbose verbose flag (default: False)
-i, --include include headers in the output (default: False)
-X REQUEST, --request REQUEST
Specify request command to use (default: GET)
-d DATA, --data DATA HTTP POST data (default: )
-H HEADER, --header HEADER
HTTP header (default: None)
-k, --insecure Allow insecure server connections when using SSL (default: False)
--fail-with-body Fail on HTTP errors but save the body (default: False)
--data-binary Process HTTP POST data exactly as specified with no extra processing whatsoever. (default: False)
--region REGION AWS region [env var: AWS_DEFAULT_REGION] (default: us-east-1)
--profile PROFILE AWS profile [env var: AWS_PROFILE] (default: default)
--service SERVICE AWS service (default: execute-api)
--access_key ACCESS_KEY
[env var: AWS_ACCESS_KEY_ID] (default: None)
--secret_key SECRET_KEY
[env var: AWS_SECRET_ACCESS_KEY] (default: None)
--security_token SECURITY_TOKEN
[env var: AWS_SECURITY_TOKEN] (default: None)
--session_token SESSION_TOKEN
[env var: AWS_SESSION_TOKEN] (default: None)
-L, --location Follow redirects (default: False)
-o <file>, --output <file>
Write to file instead of stdout (default: )
In general, command-line values override environment variables which override defaults.
If you do not specify the --access_key
or --secret_key
(or environment variables), awscurl
will attempt to use
the credentials you set in ~/.aws/credentials
. If you
do not specify a --profile
or AWS_PROFILE
, awscurl
uses default
.
- AWS Documentation
- Onica blog
- QnA on StackOverflow
- QnA on DevOps StackExchange
- Examples on Golfbert
- awscurl in Go:
- awscurl in Lisp: https://github.com/aw/picolisp-awscurl
- awscurl on DockerHub: https://hub.docker.com/r/okigan/awscurl
- aws-signature-proxy and related blog post
- aws-sigv4-proxy on awslabs