Menu
When developing a Kinesis Consumer using Version 2 of the Kinesis Consumer Library and overriding the Dynamo DB endpoint to a localstack endpoint the library fails to create the leasing table due to SSL handshake errors.
I can confirm that creating the table succeeds when using AWS' Dynamo DB, but as soon as I override the endpoint url to a localstack url the Dynamo DB client fails to create the lease table after multiple retries. The stack trace isn't that useful but Wireshark shows all of the SSL handshake errors so I can only assume the Amazon SDK is not accepting the localstack certificate. I cannot find any mention of how to disable certificate verification using the software.amazon.awssdk package.
Region region = Region.of("us-east-1");
DefaultCredentialsProvider credentialsProvider = DefaultCredentialsProvider.create();
DynamoDbAsyncClient dynamoClient = DynamoDbAsyncClient.builder()
.region(region)
.endpointOverride(URI.create("https://localhost:4569"))
.credentialsProvider(credentialsProvider)
.build();
/edit This is based off the example from Amazon found here: https://docs.aws.amazon.com/streams/latest/dev/kcl2-standard-consumer-java-example.html
884
asked Oct 31 '25 16:10
In kotlin I am setting an environment variable like this:
System.setProperty(SDKGlobalConfiguration.DISABLE_CERT_CHECKING_SYSTEM_PROPERTY, "true");
This will allow you to use localstack for DynamoDB, in fact, that is exactly why I am setting the above environment variable.
More environment variables can be found in the aws-java-sdk github repo
99
answered Nov 02 '25 07:11
Here is an example for S3
final AttributeMap attributeMap = AttributeMap.builder()
.put(SdkHttpConfigurationOption.TRUST_ALL_CERTIFICATES, true)
.build();
final SdkHttpClient sdkHttpClient = new DefaultSdkHttpClientBuilder().buildWithDefaults(attributeMap);
return S3Client.builder()
.httpClient(sdkHttpClient)
.build();
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With