Fixing certificate validation errors from AWS CLI when using the cg-egress-proxy
If you are using the cg-egress-proxy to restrict the egress traffic for your application, you may experience certificate validation errors that prevent you from interacting with brokered AWS services using the CLI.
The cause is that the AWS CLI overrides the certificates that cloud.gov provides, so it cannot validate TLS connections and CLI commands fail.
To force the AWS CLI to use the system CA cert stores, you can add this environment variable:
Environment variables can be set for your application by using a manifest, the cf set-env CLI command, or the .profile file for your application. For applications running custom Docker images, you could also set this environment variable in the Dockerfile for your image.