
How to Log/View AWS Java SDK HTTP(S) Requests

I am developing a Spring Boot Application that uses HTTPS Only. I am using AWS services and the corresponding AWS Java SDK. How can I view the HTTP(S) request that the Java SDK methods call on the backend of my application? I want to make sure when doing uploads to S3, etc., that everything is done over HTTPS only as the security of this application is important. A little confused on how to see when the backend of the application is interacting with the AWS services. Thanks in advance.


Answer

AWS uses HTTPS by default for all communications, and gives you options (such as VPC endpoints) that prevent traffic from leaving the AWS VPC.

Unfortunately, I couldn’t find a reference in the Java SDK documentation that says it follows this practice. You can find guarantees for individual services (for example, S3). And it’s implied that the SDK uses TLS by the page that describes how to enforce using TLS 1.2.

However, if you really want to be sure, you need to enable logging at the wire level.


Update in response to comment:

I ran the following program with debugging on:

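    import software.amazon.awssdk.services.s3.S3Client;
    import software.amazon.awssdk.services.s3.model.Bucket;

    public class ListBuckets
    {
        public static void main(String[] argv)
        throws Exception
        {
            // Uses the default credentials and region provider chains.
            S3Client client = S3Client.builder().build();

            // A single ListBuckets call is enough to produce request logging.
            for (Bucket bucket : client.listBuckets().buckets())
            {
                System.out.println(bucket.name());
            }
        }
    }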

Looking at the logs, it’s definitely making an HTTPS connection:

    2021-11-17 17:51:24,802 [main] DEBUG request - Sending Request: DefaultSdkHttpFullRequest(httpMethod=GET, protocol=https, host=s3.amazonaws.com, port=443, encodedPath=/, headers=[amz-sdk-invocation-id, User-Agent], queryParameters=[])
    ...
    2021-11-17 17:51:24,832 [main] DEBUG PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://s3.amazonaws.com:443][total kept alive: 0; route allocated: 0 of 50; total allocated: 0 of 50]
    2021-11-17 17:51:24,839 [main] DEBUG PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://s3.amazonaws.com:443][total kept alive: 0; route allocated: 1 of 50; total allocated: 1 of 50]
    2021-11-17 17:51:24,840 [main] DEBUG MainClientExec - Opening connection {s}->https://s3.amazonaws.com:443
    2021-11-17 17:51:24,871 [main] DEBUG DefaultHttpClientConnectionOperator - Connecting to s3.amazonaws.com/52.216.251.102:443
    2021-11-17 17:51:24,871 [main] DEBUG SdkTlsSocketFactory - Connecting socket to s3.amazonaws.com/52.216.251.102:443 with timeout 2000
    2021-11-17 17:51:24,902 [main] DEBUG SdkTlsSocketFactory - Enabled protocols: [TLSv1.2]

That’s followed by the TLS negotiation, and then the actual request. One thing that may be confusing, if you’re not familiar with the HTTP protocol, is this:

    2021-11-17 17:51:25,022 [main] DEBUG MainClientExec - Executing request GET / HTTP/1.1

That’s the HTTP request line, and the “HTTP/1.1” indicates the protocol version. This information is sent over the secure connection.

User contributions licensed under: CC BY-SA
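
Reading a debug log by eye does not scale past one request, so here is a small checker for the three line formats quoted in the answer. It is an added example, not code from the answer or from the AWS SDK; the function name `audit`, the TLS 1.2-or-newer policy, and the last three sample log lines are assumptions constructed for illustration.

```python
import re

# Line formats follow the debug output quoted in the answer above.
REQUEST_RE = re.compile(r"Sending Request: .*?\bprotocol=(\w+), host=([^,\s]+), port=(\d+)")
ROUTE_RE = re.compile(r"Opening connection \{[^}]*\}->(\w+)://(\S+)")
PROTOCOLS_RE = re.compile(r"Enabled protocols: \[([^\]]*)\]")
ALLOWED_TLS = {"TLSv1.2", "TLSv1.3"}  # assumption: policy is TLS 1.2 or newer


def audit(lines):
    """Return (line_number, reason) findings for traffic that is not HTTPS / TLS 1.2+."""
    findings = []
    for number, line in enumerate(lines, 1):
        if m := REQUEST_RE.search(line):
            if m.group(1) != "https":
                findings.append((number, f"request to {m.group(2)}:{m.group(3)} uses {m.group(1)}"))
        elif m := ROUTE_RE.search(line):
            if m.group(1) != "https":
                findings.append((number, f"connection to {m.group(2)} uses {m.group(1)}"))
        elif m := PROTOCOLS_RE.search(line):
            enabled = {p.strip() for p in m.group(1).split(",") if p.strip()}
            weak = sorted(enabled - ALLOWED_TLS)
            if weak:
                findings.append((number, "weak protocol enabled: " + ", ".join(weak)))
    return findings


# Constructed sample: lines 1-3 reuse the format shown in the answer; lines 4-6
# are made-up failures (plain-HTTP endpoint, legacy TLS version enabled).
SAMPLE_LOG = """\
2021-11-17 17:51:24,802 [main] DEBUG request - Sending Request: DefaultSdkHttpFullRequest(httpMethod=GET, protocol=https, host=s3.amazonaws.com, port=443, encodedPath=/, headers=[amz-sdk-invocation-id, User-Agent], queryParameters=[])
2021-11-17 17:51:24,840 [main] DEBUG MainClientExec - Opening connection {s}->https://s3.amazonaws.com:443
2021-11-17 17:51:24,902 [main] DEBUG SdkTlsSocketFactory - Enabled protocols: [TLSv1.2]
2021-11-17 17:52:01,100 [main] DEBUG request - Sending Request: DefaultSdkHttpFullRequest(httpMethod=PUT, protocol=http, host=storage.example.test, port=8080, encodedPath=/demo/key, headers=[User-Agent], queryParameters=[])
2021-11-17 17:52:01,120 [main] DEBUG MainClientExec - Opening connection {}->http://storage.example.test:8080
2021-11-17 17:52:01,150 [main] DEBUG SdkTlsSocketFactory - Enabled protocols: [TLSv1.1, TLSv1.2]
""".splitlines()

if __name__ == "__main__":
    for number, reason in audit(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

An empty result only means no recognised line violated the policy; it says nothing about requests that were never logged at debug level.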