AppEngine: connect with boto to AWS cloud end-point with SSL enabled

Question

I'm trying to call an AWS end-point from AppEngine standard environment (or from dev_server) via Python boto library.

Here's an example:

import boto.sqs
sqs = boto.sqs.connect_to_region(constants.AWS_REGION,  
                                 aws_access_key_id = constants.AWS_KEY,
                                 aws_secret_access_key = constants.AWS_SECRET,
                                 is_secure = 1) # <- this option makes the difference!
queue = sqs.create_queue("my-new-queue")

This code runs fine from my local console, but when I try do the same thing from an AppEngine, I would see this error stack:

File "C:\Work\xxx\app\lib\boto\connection.py", line 1192, in get_object
  response = self.make_request(action, params, path, verb)
File "C:\Work\xxx\app\lib\boto\connection.py", line 1116, in make_request
  return self._mexe(http_request)
File "C:\Work\xxx\app\lib\boto\connection.py", line 1030, in _mexe
  raise ex
error: [Errno 13] Permission denied

Here's what I already tried with no success:

• To use boto3 instead of boto
• To disable urlfetch via environment variable GAE_USE_SOCKETS_HTTPLIB
• To turn is_secure off. Well, this helps, but only with certain end-points. STS, for instance, would reject most insecure calls.

Any ideas are welcome.

Answer 1

The simplest to use workaround for this problem I found is this:

from boto.https_connection import CertValidatingHTTPSConnection
CertValidatingHTTPSConnection._protocol = "https"

This hack makes boto's implementation compatible with the urlfetch -based google.appengine.dist27.gae_override.httplib.HTTPConnection .