Sign in Subscribe

Configuring AWS CLI to Work with an HTTP/HTTPS Proxy

Andrios Robert

2 min read

The AWS CLI wouldn’t connect. Timeouts. Frustration. The network was locked down behind a proxy that didn’t care about your deadlines.

When AWS CLI access must route through an HTTP or HTTPS proxy, the smallest misstep in configuration can block everything. Understanding exactly how to set HTTP_PROXY, HTTPS_PROXY, and NO_PROXY is the difference between a working deployment and staring at a blinking cursor.

The AWS CLI supports proxy settings at the environment level. Set them directly in your shell before running commands:

export HTTP_PROXY=http://proxy.example.com:8080
export HTTPS_PROXY=http://proxy.example.com:8080
export NO_PROXY=localhost,127.0.0.1,.internal-domain.com

On Windows PowerShell:

setx HTTP_PROXY "http://proxy.example.com:8080"
setx HTTPS_PROXY "http://proxy.example.com:8080"
setx NO_PROXY "localhost,127.0.0.1,.internal-domain.com"

Some AWS CLI commands, especially those using the AWS SDK under the hood, will fail silently if proxy variables are wrong or omitted. Double-check your proxy server’s protocol — mixing http with https will cause connection resets. Always match the proxy URL scheme with what your proxy server supports.

When working within private networks, a corporate proxy often filters outbound traffic. If your AWS CLI calls hang or error with Connection timed out after X milliseconds, test proxy connectivity directly:

curl -I https://s3.amazonaws.com --proxy http://proxy.example.com:8080

If curl works but AWS CLI fails, the issue is often credentials for the proxy. Configure these inline:

export HTTPS_PROXY=http://username:password@proxy.example.com:8080

Be careful with credential storage. For more secure handling, use your environment’s secret store instead of hardcoding passwords.

Proxy configuration also matters for AWS CLI profiles. You can pass proxy settings via the AWS_CA_BUNDLE option if the proxy uses custom certificates:

aws s3 ls --profile myprofile --ca-bundle /path/to/cert.pem

This is critical for services like sts:AssumeRole where SSL validation is strict.

To test everything end to end, run a simple list operation:

aws s3 ls

If it returns buckets instead of freezing, your AWS CLI proxy settings are correct.

When functioning, AWS CLI through a proxy unlocks secure access to S3, EC2, CloudWatch, and every other AWS API from locked-down environments. When broken, it feels impossible to debug. Keep your configurations clean, test in isolation, and replicate working setups across your team's machines as code.

There’s a faster way to skip the pain, see the connection live, and make AWS CLI Access Proxy just work. Try it on hoop.dev and be up and running in minutes.

Sign up for more like this.

Enter your email
Subscribe