From 77dfe07295cf40739d040e3330b36d40ac5101f9 Mon Sep 17 00:00:00 2001 From: Eduardo Date: Mon, 25 Aug 2025 11:39:31 +0200 Subject: [PATCH 1/7] docs: Adding limitation to TEI docs. --- .../networking/transparent-endpoint-injection.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md index a855e909..93079748 100644 --- a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md +++ b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md @@ -110,6 +110,11 @@ Make sure to use this only for local testing, and never in production. - The mechanism to disable certificate validation for these requests is not currently functional with Go Lambdas. To work around this issue, you'll need to manually set your endpoint when creating your AWS SDK client, as detailed in our documentation on the [Go AWS SDK](/aws/integrations/aws-sdks/go). +- Transparent Endpoint Injection is not designed to work within the LocalStack container or in containers it spawns, like a Lambda function. To connect to LocalStack from within these environments, you have a couple of options: + - Set the AWS_ENDPOINT_URL environment variable: +Set `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566`. This is the recommended approach as it directly points your AWS client to the LocalStack endpoint. + - Disable certificate validation (not recommended): +If the first option isn't feasible, you can disable certificate validation by exporting an empty AWS_CA_BUNDLE variable(`export AWS_CA_BUNDLE=""`). However, note that this will cause a warning to be raised for every command. You can suppress these warnings by setting the PYTHONWARNINGS=ignore environment variable ## Troubleshooting From 792fb4b5adf4bca57aabef0abbe5ef740d678c8a Mon Sep 17 00:00:00 2001 From: Eduardo Date: Mon, 25 Aug 2025 11:44:01 +0200 Subject: [PATCH 2/7] doc: TEI limiations small modifications --- .../capabilities/networking/transparent-endpoint-injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md index 93079748..1b333bbd 100644 --- a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md +++ b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md @@ -114,7 +114,7 @@ Make sure to use this only for local testing, and never in production. - Set the AWS_ENDPOINT_URL environment variable: Set `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566`. This is the recommended approach as it directly points your AWS client to the LocalStack endpoint. - Disable certificate validation (not recommended): -If the first option isn't feasible, you can disable certificate validation by exporting an empty AWS_CA_BUNDLE variable(`export AWS_CA_BUNDLE=""`). However, note that this will cause a warning to be raised for every command. You can suppress these warnings by setting the PYTHONWARNINGS=ignore environment variable +If the first option isn't feasible, you can disable certificate validation by exporting an empty AWS_CA_BUNDLE variable(`export AWS_CA_BUNDLE=""`). However, note that this will cause a warning to be raised for every command. You can suppress these warnings by setting the `PYTHONWARNINGS=ignore` environment variable. ## Troubleshooting From c4860ede760b5643e3a15256f0959cfa4f047ca2 Mon Sep 17 00:00:00 2001 From: eduardo <83775838+drauedo@users.noreply.github.com> Date: Tue, 26 Aug 2025 21:05:38 +0200 Subject: [PATCH 3/7] Changing wording on limitation. Co-authored-by: Quetzalli --- .../capabilities/networking/transparent-endpoint-injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md index 1b333bbd..29ef6a46 100644 --- a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md +++ b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md @@ -110,7 +110,7 @@ Make sure to use this only for local testing, and never in production. - The mechanism to disable certificate validation for these requests is not currently functional with Go Lambdas. To work around this issue, you'll need to manually set your endpoint when creating your AWS SDK client, as detailed in our documentation on the [Go AWS SDK](/aws/integrations/aws-sdks/go). -- Transparent Endpoint Injection is not designed to work within the LocalStack container or in containers it spawns, like a Lambda function. To connect to LocalStack from within these environments, you have a couple of options: +- Transparent Endpoint Injection does not work when code runs inside the LocalStack container or any containers it spawns (e.g., Lambda functions). If you need to connect to LocalStack from within these environments, here are a couple of alternative approaches: - Set the AWS_ENDPOINT_URL environment variable: Set `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566`. This is the recommended approach as it directly points your AWS client to the LocalStack endpoint. - Disable certificate validation (not recommended): From 9febf7e2ca80ef616beea8df4848f875ad08abf4 Mon Sep 17 00:00:00 2001 From: Brian Rinaldi Date: Wed, 22 Oct 2025 16:30:00 -0400 Subject: [PATCH 4/7] Address feedback --- .../capabilities/networking/transparent-endpoint-injection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md index 29ef6a46..957cc67f 100644 --- a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md +++ b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md @@ -115,6 +115,8 @@ Make sure to use this only for local testing, and never in production. Set `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566`. This is the recommended approach as it directly points your AWS client to the LocalStack endpoint. - Disable certificate validation (not recommended): If the first option isn't feasible, you can disable certificate validation by exporting an empty AWS_CA_BUNDLE variable(`export AWS_CA_BUNDLE=""`). However, note that this will cause a warning to be raised for every command. You can suppress these warnings by setting the `PYTHONWARNINGS=ignore` environment variable. +- Transparent endpoint injection involves a combination redirecting requests using DNS and disabling certificate validation for these requests (to avoid issues when using https). Disabling certificate validation only works for processes LocalStack controls, for example Lambda (managed runtimes) and processes LocalStack starts within the LocalStack container. This means that, even whein cases where DNS properly redirects the requests both inside the main LocalStack container and any spawned containers, you may still encounter certificate issues for processes not spawned directly by LocalStack. To avoid this issue, use `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566` as an alternative. + ## Troubleshooting From 6221e1535f84cd984a23cec3d05a4a9d2c3dce98 Mon Sep 17 00:00:00 2001 From: Brian Rinaldi Date: Wed, 29 Oct 2025 10:26:01 -0400 Subject: [PATCH 5/7] Update src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md Co-authored-by: Daniel Fangl --- .../capabilities/networking/transparent-endpoint-injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md index 957cc67f..3cb09724 100644 --- a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md +++ b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md @@ -115,7 +115,7 @@ Make sure to use this only for local testing, and never in production. Set `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566`. This is the recommended approach as it directly points your AWS client to the LocalStack endpoint. - Disable certificate validation (not recommended): If the first option isn't feasible, you can disable certificate validation by exporting an empty AWS_CA_BUNDLE variable(`export AWS_CA_BUNDLE=""`). However, note that this will cause a warning to be raised for every command. You can suppress these warnings by setting the `PYTHONWARNINGS=ignore` environment variable. -- Transparent endpoint injection involves a combination redirecting requests using DNS and disabling certificate validation for these requests (to avoid issues when using https). Disabling certificate validation only works for processes LocalStack controls, for example Lambda (managed runtimes) and processes LocalStack starts within the LocalStack container. This means that, even whein cases where DNS properly redirects the requests both inside the main LocalStack container and any spawned containers, you may still encounter certificate issues for processes not spawned directly by LocalStack. To avoid this issue, use `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566` as an alternative. +- Transparent endpoint injection involves a combination redirecting requests using DNS and disabling certificate validation for these requests (to avoid issues when using https). Disabling certificate validation only works for processes LocalStack controls, for example Lambda (managed runtimes) and processes LocalStack starts within the LocalStack container. This means that, even in cases where DNS properly redirects the requests both inside the main LocalStack container and any spawned containers, you may still encounter certificate issues for processes not spawned directly by LocalStack. To avoid this issue, use `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566` as an alternative. ## Troubleshooting From bd5cf9d439cc990189cfa30f9a2329590296329c Mon Sep 17 00:00:00 2001 From: Brian Rinaldi Date: Wed, 29 Oct 2025 10:26:09 -0400 Subject: [PATCH 6/7] Update src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md Co-authored-by: Daniel Fangl --- .../capabilities/networking/transparent-endpoint-injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md index 3cb09724..425aab0e 100644 --- a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md +++ b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md @@ -114,7 +114,7 @@ Make sure to use this only for local testing, and never in production. - Set the AWS_ENDPOINT_URL environment variable: Set `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566`. This is the recommended approach as it directly points your AWS client to the LocalStack endpoint. - Disable certificate validation (not recommended): -If the first option isn't feasible, you can disable certificate validation by exporting an empty AWS_CA_BUNDLE variable(`export AWS_CA_BUNDLE=""`). However, note that this will cause a warning to be raised for every command. You can suppress these warnings by setting the `PYTHONWARNINGS=ignore` environment variable. +If the first option isn't feasible, you can disable certificate validation by exporting an empty AWS_CA_BUNDLE variable(`export AWS_CA_BUNDLE=""`). However, note that this will cause a warning to be raised for every command. You can suppress these warnings by setting the `PYTHONWARNINGS=ignore` environment variable. This will only work for the `boto3` AWS SDK. - Transparent endpoint injection involves a combination redirecting requests using DNS and disabling certificate validation for these requests (to avoid issues when using https). Disabling certificate validation only works for processes LocalStack controls, for example Lambda (managed runtimes) and processes LocalStack starts within the LocalStack container. This means that, even in cases where DNS properly redirects the requests both inside the main LocalStack container and any spawned containers, you may still encounter certificate issues for processes not spawned directly by LocalStack. To avoid this issue, use `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566` as an alternative. From 2d68a07f000ef4123bc599c368c0811a136820fe Mon Sep 17 00:00:00 2001 From: Brian Rinaldi Date: Wed, 29 Oct 2025 10:26:20 -0400 Subject: [PATCH 7/7] Update src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md Co-authored-by: Daniel Fangl --- .../capabilities/networking/transparent-endpoint-injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md index 425aab0e..b93b1fa9 100644 --- a/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md +++ b/src/content/docs/aws/capabilities/networking/transparent-endpoint-injection.md @@ -110,7 +110,7 @@ Make sure to use this only for local testing, and never in production. - The mechanism to disable certificate validation for these requests is not currently functional with Go Lambdas. To work around this issue, you'll need to manually set your endpoint when creating your AWS SDK client, as detailed in our documentation on the [Go AWS SDK](/aws/integrations/aws-sdks/go). -- Transparent Endpoint Injection does not work when code runs inside the LocalStack container or any containers it spawns (e.g., Lambda functions). If you need to connect to LocalStack from within these environments, here are a couple of alternative approaches: +- Transparent Endpoint Injection does not work when code runs inside the LocalStack container. If you need to connect to LocalStack from within the container, here are a couple of alternative approaches: - Set the AWS_ENDPOINT_URL environment variable: Set `AWS_ENDPOINT_URL=http://localhost.localstack.cloud:4566`. This is the recommended approach as it directly points your AWS client to the LocalStack endpoint. - Disable certificate validation (not recommended):