I'm trying to run awscurl to perform requests to the ES service through an SSH tunnel. The tunnel opens a local port connected to the ES service 443 port on the API endpoint. The tunnel is required to connect to a service not available to the public. The issue is that awscurl creates a signature using the URL passed in CLI. But the service hostname and port are different from the local URL. I need to make a signature using the real API endpoint, not using the local one. It would be nice to add this feature.

Answering my own question - it's possible to do with the host header passed. But the only issue is that the header name must be lower-case. This will not work: -H "Host: $ES_HOST".

Also, documenting this would be very helpful.

I think I’ve heard of something similar. Is that the same as specifying HOST header (different than hostname in the URL)?

Yes, the same. I just described why I need that. My actual URL passed to awscurl is something like https://host.docker.internal:10443. But the signature must be created for the real service API endpoint hostname.

Another minor suggestion: don't include the 443 port to the hostname to use in the signature if it was explicitly specified along with the https protocol. Using vpc-***.***.es.amazonaws.com:443 as the hostname in the signature cause validation failure.

Are you using latest version? I remember adding case insensitive logic before.

I'm using the latest version in the Docker container.

@speller review the above please

@speller Bumping up old thread. Would you review the above for the upcoming release?

@okigan sorry for the late reply. It seems trimming the default port should solve the issue.

Branch merged -- closing issue.