Is it possible to disable SSL certificate checking in the amazon kinesis consumer library v2?

Question

When developing a Kinesis Consumer using Version 2 of the Kinesis Consumer Library and overriding the Dynamo DB endpoint to a localstack endpoint the library fails to create the leasing table due to SSL handshake errors.

I can confirm that creating the table succeeds when using AWS' Dynamo DB, but as soon as I override the endpoint url to a localstack url the Dynamo DB client fails to create the lease table after multiple retries. The stack trace isn't that useful but Wireshark shows all of the SSL handshake errors so I can only assume the Amazon SDK is not accepting the localstack certificate. I cannot find any mention of how to disable certificate verification using the software.amazon.awssdk package.

Region region = Region.of("us-east-1");
DefaultCredentialsProvider credentialsProvider = DefaultCredentialsProvider.create();
DynamoDbAsyncClient dynamoClient = DynamoDbAsyncClient.builder()
    .region(region)
    .endpointOverride(URI.create("https://localhost:4569"))
    .credentialsProvider(credentialsProvider)
    .build();

/edit This is based off the example from Amazon found here: https://docs.aws.amazon.com/streams/latest/dev/kcl2-standard-consumer-java-example.html

James Cauwelier James Cauwelier · Accepted Answer · 2019-07-27T14:54:35

In kotlin I am setting an environment variable like this:

System.setProperty(SDKGlobalConfiguration.DISABLE_CERT_CHECKING_SYSTEM_PROPERTY, "true");

This will allow you to use localstack for DynamoDB, in fact, that is exactly why I am setting the above environment variable.

More environment variables can be found in the aws-java-sdk github repo

Is it possible to disable SSL certificate checking in the amazon kinesis consumer library v2?

2 Answers