Is it possible to disable SSL certificate checking in the Amazon Kinesis Consumer Library v2?

When developing a Kinesis Consumer using Version 2 of the Kinesis Consumer Library and overriding the Dynamo DB endpoint to a localstack endpoint, the library fails to create the leasing table due to SSL handshake errors.

I can confirm that creating the table succeeds when using AWS' Dynamo DB, but as soon as I override the endpoint URL to a localstack URL, the Dynamo DB client fails to create the lease table after multiple retries. The stack trace isn't that useful, but Wireshark shows all of the SSL handshake errors, so I can only assume the Amazon SDK is not accepting the localstack certificate. I cannot find any mention of how to disable certificate verification using the software.amazon.awssdk package.

Region region = Region.of("us-east-1");
DefaultCredentialsProvider credentialsProvider = DefaultCredentialsProvider.create();
DynamoDbAsyncClient dynamoClient = DynamoDbAsyncClient.builder()
    .region(region)
    .endpointOverride(URI.create("https://localhost:4569"))
    .credentialsProvider(credentialsProvider)
    .build();

/edit This is based off the example from Amazon found here: https://docs.aws.amazon.com/streams/latest/dev/kcl2-standard-consumer-java-example.html



Solution 1:[1]

In Kotlin I am setting an environment variable like this:

System.setProperty(SDKGlobalConfiguration.DISABLE_CERT_CHECKING_SYSTEM_PROPERTY, "true");

This will allow you to use localstack for DynamoDB, in fact, that is exactly why I am setting the above environment variable.

More environment variables can be found in the aws-java-sdk GitHub repo.

Solution 2:[2]

In SDK version 2, you need to use the option: software.amazon.awssdk.http.SdkHttpConfigurationOption#TRUST_ALL_CERTIFICATES

Example of usage:

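import software.amazon.awssdk.http.SdkHttpConfigurationOption;
import software.amazon.awssdk.http.async.SdkAsyncHttpClient;
import software.amazon.awssdk.http.nio.netty.NettyNioAsyncHttpClient;
import software.amazon.awssdk.utils.AttributeMap;

// Builds a Netty-based async HTTP client that accepts any TLS certificate.
private SdkAsyncHttpClient buildSdkAsyncHttpClient() {
    return NettyNioAsyncHttpClient.builder()
            .buildWithDefaults(
                    AttributeMap.builder()
                            .put(SdkHttpConfigurationOption.TRUST_ALL_CERTIFICATES, true)
                            .build()
            );
}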
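
Wiring the trust-all HTTP client from this answer into the question's DynamoDbAsyncClient, limited to endpoint overrides that resolve to a loopback address so that a client pointed at real AWS keeps normal certificate validation. This is an added example, not code from the original answers; the names LocalDynamoClientFactory, isLoopback and create are hypothetical.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.http.SdkHttpConfigurationOption;
import software.amazon.awssdk.http.async.SdkAsyncHttpClient;
import software.amazon.awssdk.http.nio.netty.NettyNioAsyncHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.dynamodb.DynamoDbAsyncClient;
import software.amazon.awssdk.services.dynamodb.DynamoDbAsyncClientBuilder;
import software.amazon.awssdk.utils.AttributeMap;

// Hypothetical helper class, added for illustration.
public final class LocalDynamoClientFactory {

    /** True only when the override host resolves to a loopback address (localstack on localhost). */
    static boolean isLoopback(URI endpoint) {
        try {
            return endpoint.getHost() != null
                    && InetAddress.getByName(endpoint.getHost()).isLoopbackAddress();
        } catch (UnknownHostException e) {
            return false; // unresolvable host: keep certificate validation on
        }
    }

    /** Pass null as endpointOverride to talk to real AWS with default settings. */
    public static DynamoDbAsyncClient create(Region region, URI endpointOverride) {
        DynamoDbAsyncClientBuilder builder = DynamoDbAsyncClient.builder()
                .region(region)
                .credentialsProvider(DefaultCredentialsProvider.create());
        if (endpointOverride == null) {
            return builder.build();
        }
        builder.endpointOverride(endpointOverride);
        if (isLoopback(endpointOverride)) {
            // Trust-all is confined to this one client and only for loopback targets;
            // every other SDK client in the JVM keeps validating certificates.
            SdkAsyncHttpClient trustAll = NettyNioAsyncHttpClient.builder()
                    .buildWithDefaults(AttributeMap.builder()
                            .put(SdkHttpConfigurationOption.TRUST_ALL_CERTIFICATES, true)
                            .build());
            builder.httpClient(trustAll);
        }
        return builder.build();
    }
}
```

An HTTP client passed in through httpClient(...) is not closed by the SDK when the service client is closed, so a long-running application should keep a reference to it and close it itself.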

Solution 3:[3]

Here is an example for S3:

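import software.amazon.awssdk.core.internal.http.loader.DefaultSdkHttpClientBuilder;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.SdkHttpConfigurationOption;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.utils.AttributeMap;

// Synchronous HTTP client that accepts any TLS certificate.
final AttributeMap attributeMap = AttributeMap.builder()
        .put(SdkHttpConfigurationOption.TRUST_ALL_CERTIFICATES, true)
        .build();
final SdkHttpClient sdkHttpClient = new DefaultSdkHttpClientBuilder().buildWithDefaults(attributeMap);

return S3Client.builder()
        .httpClient(sdkHttpClient)
        .build();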

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 James Cauwelier
Solution 2 StateItPrimitive
Solution 3 Patrick Brielmayer