Friday, August 5, 2011

ec2 api tools through an http proxy

I spent about an hour on this today so I thought it would be reasonable to post about it. I was trying to access the EC2 API tools behind my firewall at work, through our http proxy server. You can get this to work by setting a JVM environment variable called EC2_JVM_ARGS like so. Example is from a Linux box.

Example without username authentication (using ntlmaps)
export EC2_JVM_ARGS="-DproxySet=true -DproxyHost=localhost -DproxyPort=5865 -Dhttps.proxySet=true -Dhttps.proxyHost=localhost -Dhttps.proxyPort=5865"

Example with username authentication
export EC2_JVM_ARGS="-DproxySet=true -DproxyHost=http-proxy -DproxyPort=8080 -Dhttps.proxySet=true -Dhttps.proxyHost=http-proxy -Dhttps.proxyPort=8080 -Dhttp.proxyUser=username -Dhttp.proxyPass=password -Dhttps.proxyUser=username -Dhttps.proxyPass=password"

Voila..it works!
sodo@linux-z6tw:~> ec2din -v
Setting User-Agent to [ec2-api-tools 1.4.4.0]
Using proxy [http-proxy:8080]
Using proxy credentials [username@password] for all realms
------------------------------[ REQUEST ]-------------------------------
------------------------------------------------------------------------
REQUEST ID 76b60060-790c-403f-b0dd-75d06d7f3a79


Hooray!
sodo

Reference
https://forums.aws.amazon.com/thread.jspa?messageID=52041쭉

8 comments:

  1. one issue, it seems to keep apache from responding to the load balancer via existing path since my proxy server is internal. any way you see to easily keep lb traffic going back to lb and not backend proxy while still enabling ec2api stuff?

    thx

    ReplyDelete
  2. Odd, as the environment variable (EC2_JVM_ARGS) is setting JVM args specifically for EC2 and shouldn't effect anything else with Apache. I didn't have that particular issue so, sorry, I don't know. However, if you only have to access EC2 tools intermittently, I'd just null out or remove the environment variable entirely after you're done using it.

    ReplyDelete
  3. man i had a second https server running. it was due to a backup ssl file in the apache folder. your solution is perfect. thanks again..

    ReplyDelete