I frequently see people struggling to set up HTTPS in development. If you’re a long time developer, you may have done this in the past with self-signed certificates, buying your own certificates and tweaking your hosts file, or using tools like puma-dev. While these approaches work to an extent, Let’s Encrypt changed the game, at least for me.
With Let’s Encrypt and a DNS provider like AWS Route 53, you’ll be able to run HTTPS with wildcard subdomains without having to mess with your /etc/hosts file, or having to install tools that create a custom DNS resolver.
I’m going to focus on macOS, my development environment, but you can pretty much follow the same instructions everywhere. Just install the software dependencies as needed.
Configuring AWS Route 53
On the dashboard, select “Route 53” under “Networking & Content Delivery”. You can also type “route 53” in the search field. You’ll be redirected to AWS Route 53’s dashboard.
Now, on the sidebar, click on “Hosted Zones”.
You’ll need a domain for this, so you have a few options:
- Use a domain you already have that’s not being used (e.g.
- Use a subdomain on an existing domain that’s being used (e.g.
- Buy a new domain, maybe one of those fancy .dev, which conveys exactly what you’re doing (e.g.
I decided to buy yet another domain and went with option #3, just because it’s shorter, especially when doing wildcard domains (something.fnando.dev). It looks nicer too! 🤓
Once you create your hosted zone, you have to configure your domain and point its DNS to AWS Route 53. The hosts you’ll need are defined under the record type NS. Go to your domain provider and set this up. I use Namecheap, so this is how you do it:
Back to AWS Route 53. Let’s create two
A records that point your DNS to your development machine, in this case the loopback address
The first record will handle fnando.dev. Click on “Create Record Set”, choose “A - IPv4 address” under the record type and set the value to 127.0.0.1. Make sure you don’t type anything under the name; otherwise, you’d be pointing a subdomain instead.
The second record will handle wildcard subdomains. Click on “Create Record Set” once again, choose “A - IPv4 address”, but this time use * as the record name. The value should be 127.0.0.1, just like before.
And the waiting game starts. You now have to wait until your DNS is propagated completely, but that shouldn’t take long. You can check it using dig on the command-line.
While you wait, you can set up a new AWS credential restricted to this domain. Before we move on, look at your browser’s url: you’ll need the zone id, so copy this value or write it down somewhere.
Now, let’s create the user and a policy. This can be done on AWS IAM, so search for this option under the services menu.
On the sidebar, click on “Policies”, then “Create Policy”.
Use the JSON below as your policy. Remember to replace
YOUR_ZONE_ID with your zone id.
Now, click on “Review policy”. Give it a recognizable name and click on “Create policy”.
It’s time to create a new user. On the sidebar, click on “Users” and then “Add User”. Give it a name like letsencrypt-mac, or something that describes your machine. You’ll also have to select “Programmatic Access” under “Access type”.
Click “Next”. Now we’re going to select the policy we’ve created a few steps before. Click on “Attach existing policies directly” and search for your policy, in this case
Click “Next: Tags”, then “Next: Review”. Finally, click “Create User”.
This step is important: you’ll be presented with your access and secret keys. Save both of them somewhere safe, like your password manager.
As far as AWS goes, you’re all set up. Now, let’s configure certbot, the command-line interface that’ll interact with Let’s Encrypt.
Since I’m a macOS user, I use homebrew. To install certbot, run brew install certbot. You can also find instructions for other systems on certbot’s website.
To automatically issue certificates that are validated against AWS Route 53’s DNS, we need to install a certbot plugin called
certbot-dns-route53. We can Python’s
You can verify that certbot can see the plugin by running
Now, let’s generate the certificates. The first thing to know is that you need to export your AWS credentials as AWS_SECRET_ACCESS_KEY environment variables. It’s up to you how you want to manage these variables. Personally, I like adding them to ~/.zsh/user.sh, which is then loaded by my ~/.zshrc file. For this article, I’ll just export them before using them.
To generate a certificate, use the command certbot certonly. Notice that I’m specifying local directories; this is required if you don’t want to use sudo. After the process is complete, the certificate will be saved to ~/local/letsencrypt/live/fnando.dev. If you’re not sure if everything is set up accordingly, use the switch --dry-run; this will run certbot on their staging environment, which has a higher limit for failures. In production, you will be blocked from generating new certificates for an hour after a certain number of failures.
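The policy and certbot steps above, put together as an added example (this is not the author's original code). The function names, the zone id format check and the CERTBOT override are assumptions; the policy grants record changes on a single hosted zone only, and the command requests both the apex and the wildcard name.

```shell
#!/bin/sh
# Added example; function names and defaults are illustrative, not the author's.

# Print an IAM policy that lets certbot-dns-route53 change records in ONE zone.
route53_policy() {
  zone_id=$1
  case "$zone_id" in
    ''|*[!A-Z0-9]*)
      echo "pass the bare zone id from the console URL (letters and digits)" >&2
      return 1 ;;
  esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["route53:ListHostedZones", "route53:GetChange"],
      "Resource": ["*"]
    },
    {
      "Effect": "Allow",
      "Action": ["route53:ChangeResourceRecordSets"],
      "Resource": ["arn:aws:route53:::hostedzone/$zone_id"]
    }
  ]
}
EOF
}

# Request a certificate for the apex and its wildcard, keeping all certbot
# state under a user-owned directory so sudo is not needed.
issue_cert() {
  domain=$1 state_dir=$2
  shift 2
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY first" >&2
    return 1
  fi
  # CERTBOT can be overridden (e.g. CERTBOT=echo) to preview the command.
  "${CERTBOT:-certbot}" certonly --dns-route53 \
    -d "$domain" -d "*.$domain" \
    --config-dir "$state_dir" --work-dir "$state_dir" --logs-dir "$state_dir" \
    "$@"
}

# Usage:
#   route53_policy YOUR_ZONE_ID > policy.json
#   issue_cert fnando.dev "$HOME/local/letsencrypt" --dry-run
```

Run it with --dry-run first; once that passes, repeat the call without the flag to get the real certificate.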
Once the command finishes running, you’ll see something like this:
This is all we need to do. When your certificates are about to expire, you’ll receive an email from Let’s Encrypt.
You’ll receive a reminder to renew your certificates via email. To renew your certificates, just run the same command above (i.e.
Once it’s done, remember to restart the webserver.
Once again, we can install NGINX using homebrew. Just run the command brew install nginx.
Given that I develop web applications all the time, I like starting NGINX on boot. To do so, run the command sudo brew services start nginx, and homebrew will take care of copying the launch file to
Yeah, I know… sudo. But that’s how you can hit https://fnando.dev instead of having to specify a non-privileged port. Another thing you could do is set up /usr/local permission for the group admin, so it’s up to you.
Your NGINX configuration must be added to /usr/local/etc/nginx/servers/. I like to use the apex domain name (i.e. the domain name without subdomain) as the file name, so I’m going to create a /usr/local/etc/nginx/servers/fnando.dev.conf file with the content below.
Notice that you cannot use ~ to indicate your home directory, so use the full path instead. Another thing is that you can specify any number of servers on the upstream statement, so make sure your framework’s port is listed there.
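One way to produce such a server file, as an added example rather than the author's original configuration. The function name, the upstream name dev_app, the HTTP-to-HTTPS redirect and the proxy headers are assumptions; the generator rejects a ~ path because NGINX would treat it literally.

```shell
#!/bin/sh
# Added example; upstream name, port and paths are assumptions.

# Print an NGINX config that terminates TLS with the certbot files and
# proxies to a local app. state_dir is the directory given to --config-dir.
nginx_dev_conf() {
  domain=$1 state_dir=$2 app_port=$3
  case "$state_dir" in
    /*) ;;
    *) echo "use an absolute path: nginx does not expand ~" >&2; return 1 ;;
  esac
  case "$app_port" in
    ''|*[!0-9]*) echo "app port must be numeric" >&2; return 1 ;;
  esac
  live="$state_dir/live/$domain"
  cat <<EOF
upstream dev_app {
  server 127.0.0.1:$app_port;
}

server {
  listen 80;
  server_name $domain *.$domain;
  return 301 https://\$host\$request_uri;
}

server {
  listen 443 ssl;
  server_name $domain *.$domain;

  ssl_certificate     $live/fullchain.pem;
  ssl_certificate_key $live/privkey.pem;

  location / {
    proxy_set_header Host \$host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://dev_app;
  }
}
EOF
}

# Usage (validate the result before restarting):
#   nginx_dev_conf fnando.dev "$HOME/local/letsencrypt" 3000 \
#     > /usr/local/etc/nginx/servers/fnando.dev.conf && sudo nginx -t
```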
Now, restart the server with sudo brew services restart nginx.
If you’re all set up, you can hit your application on your custom domain, like https://fnando.dev. To quickly test it, start your web application and hit that url.
As you can see, this is a 100% valid certificate.
And subdomains work just fine. 😎
You may be wondering why you would develop using HTTPS, and the answer is that many things require HTTPS, like webauthn. You can check a full list of features that require secure context on Mozilla’s website.
I tried all sorts of combinations in the past, but this is the best option by far. No hacks, no crazy “add certificate roots to keychain” setups. Thanks, Let’s Encrypt.