Skip to content

fix: bucket URL is incorrect for local S3 emulators#1625

Open
peter-smith-phd wants to merge 4 commits into
aws:mainfrom
peter-smith-phd:feat/s3-force-path-style
Open

fix: bucket URL is incorrect for local S3 emulators#1625
peter-smith-phd wants to merge 4 commits into
aws:mainfrom
peter-smith-phd:feat/s3-force-path-style

Conversation

@peter-smith-phd

@peter-smith-phd peter-smith-phd commented Jun 14, 2026
edited
Loading

Copy link
Copy Markdown

The AWS SDK addresses S3 buckets using virtual-hosted-style URLs by default (https://<bucket>.s3.amazonaws.com). When targeting custom or local S3-compatible endpoints (for example LocalStack or MinIO), path-style addressing (https://<endpoint>/<bucket>) is often required instead.

There are two ways to enable path-style addressing on the S3 clients, used for asset publishing (cdk-assets-lib) and by the toolkit (toolkit-lib).

  1. Setting AWS_ENDPOINT_URL (or AWS_ENDPOINT_URL_S3) to use a local loopback host, such as localhost, 127.0.0.1 or ::1.
  2. Setting the CDK_S3_FORCE_PATH_STYLE environment variable to explicitly enable the feature. This name follows the existing convention of CDK-specific environment variables such as CDK_DOCKER and CDK_HOME.

Checklist

  • Unit tests added/updated
  • Integration tests added/updated (if deploying new resource types or cross-service interactions)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@peter-smith-phd
feat: CDK_S3_FORCE_PATH_STYLE forces S3 path-style addressing
83975e7 
Setting the `CDK_S3_FORCE_PATH_STYLE` environment variable enables
path-style addressing on the S3 clients used for asset publishing and
by the toolkit, which is useful when targeting custom or local S3
endpoints.
@aws-cdk-automation aws-cdk-automation requested a review from a team June 14, 2026 22:18
@github-actions github-actions Bot added the p2 label Jun 14, 2026
@peter-smith-phd peter-smith-phd marked this pull request as ready for review June 14, 2026 22:24
@rix0rrr

rix0rrr commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Is there a way to autoderive the correct behavior here? Zero-conf is better than an option fleet...

@peter-smith-phd

peter-smith-phd commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Author

Is there a way to autoderive the correct behavior here? Zero-conf is better than an option fleet...

Great question. This option is solely necessary when the user sets a custom AWS_ENDPOINT_URL_S3 . If the URL they provide doesn't support subdomains properly (which is a problem for 127.0.0.1 or localhost), then S3 path-style addressing is required.

So, we could automatically set forcePathStyle if there's a change to AWS_ENDPOINT_URL_S3 (or AWS_ENDPOINT_URL that implicitly sets AWS_ENDPOINT_URL_S3). This is fine if the new URL refers to a non-AWS location (like an emulator), but could be problematic if the new URL points so something like a FIPS endpoint (prefers virtual host for performance reasons).

The most accurate solution would be to detect 127.0.0.1 and localhost explicitly, and automatically set the flag only in those cases. Would that be more acceptable?

@rix0rrr

rix0rrr commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

I think I would like that better, yes. I'm debating whether it would be beneficial to check the URL and see if it ends in one of the AWS domains (*.amazonaws.com etc), and disable the feature if not. Should work for FIPS endpoints, VPC endpoints, and if our domain list is exhaustive enough also for ADC regions.

But to be frank, I don't know enough about the various network configurations people could run to know if that's exhaustive enough or not, or people would want virtual hosts with custom domains as well... so probably doing the following will do the most good for the most people:

  • Keep the environment variable for explicit control
  • Autodetect to path-based routing for special hosts like localhost and 127.0.0.1

@peter-smith-phd @claude
feat: auto-detect S3 path-style addressing for loopback endpoints
a4df7a4 
In addition to the explicit `CDK_S3_FORCE_PATH_STYLE` environment variable,
path-style addressing is now enabled automatically when the configured S3
endpoint (`AWS_ENDPOINT_URL_S3`, falling back to `AWS_ENDPOINT_URL`) points at
a loopback host such as `localhost` or `127.0.0.1`, so local S3 emulators work
without extra configuration.

The detection logic is shared between `cdk-assets-lib` and `toolkit-lib` via
the `@aws-cdk/private-tools` package instead of being duplicated in each.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@peter-smith-phd

peter-smith-phd commented Jun 16, 2026

Copy link
Copy Markdown
Author

Thanks, that sounds like a plan. I suspect that localhost and 127.0.0.1 are the far most common hostnames that would be used, whereas trying to enumerate all those ADC regions would end up with yearly maintenance 😄

I've updated the PR, and have created a shared package (based off how zip is shared). Hopefully this is the correct approach.

@peter-smith-phd peter-smith-phd changed the title feat: CDK_S3_FORCE_PATH_STYLE forces S3 path-style addressing feat: Detect and enable S3 path-style addressing for local S3 emulators Jun 16, 2026
@github-actions
chore: self mutation
6acde5a 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@rix0rrr rix0rrr changed the title feat: Detect and enable S3 path-style addressing for local S3 emulators feat: detect and enable S3 path-style addressing for local S3 emulators Jun 17, 2026
@rix0rrr rix0rrr enabled auto-merge June 17, 2026 07:30
@rix0rrr rix0rrr changed the title feat: detect and enable S3 path-style addressing for local S3 emulators feat: bucket URL is incorrect for local S3 emulators Jun 17, 2026
@rix0rrr rix0rrr changed the title feat: bucket URL is incorrect for local S3 emulators fix: bucket URL is incorrect for local S3 emulators Jun 17, 2026
@codecov-commenter

codecov-commenter commented Jun 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.73%. Comparing base (425ccb0) to head (6acde5a).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1625   +/-   ##
=======================================
  Coverage   88.73%   88.73%           
=======================================
  Files          77       77           
  Lines       11359    11359           
  Branches     1584     1585    +1     
=======================================
  Hits        10079    10079           
  Misses       1250     1250           
  Partials       30       30
Flag Coverage Δ
suite.unit 88.73% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

Assignees

No one assigned

Labels

p2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@peter-smith-phd @rix0rrr @codecov-commenter @aws-cdk-automation