Home > Mobile >  How to specify KMS VPC endpoint url using Boto3?
How to specify KMS VPC endpoint url using Boto3?

Time:08-22

I have a lambda function running inside my private subnet. According to the docs, this endpoint needs to be specified under the endpoint-url parameter.

This parameter exists inside the CLI, however not within the Boto3 implementation of the same function!

What gives? How do I encrypt from within my VPC using Boto3 (using the default url causes a EndpointConnectionError: Could not connect to the endpoint URL error- even though I already set it as a private DNS as per the docs)?

CodePudding user response:

In Boto3 you set the endpoint URL when you create the client, not when you call individual methods on the client.

client = boto3.kms("kms", endpoint_url="your_kms_URL")
client.encrypt()

Although if this is going to a VPC Interface Endpoint, you might want to review your VPC's DNS settings, and the endpoints Security Group settings, because this should be working out-of-the-box without the need to explicitly specify the endpoint in code.

  • Related