awscli v1.41.9 onwards does not find endpoint for s3 during cloudformation package #9629

@JosephBrooksbank

Describe the bug

On 1.41.9 through 1.41.16 (current) of awscli, aws cloudformation package does not appear to respect endpoint settings when uploading artifacts. See this bug: localstack/localstack#12933 for additional details on how this was discovered.

This functionality works on 1.41.8 and below.
Running the following command from within a docker container:

aws --endpoint-url=http://host.docker.internal:4566 cloudformation package --template .aws-sam/build/template.yaml --s3-bucket authz-service-lambdas --s3-prefix code --region us-east-1 --output-template packaged_template.yaml

Leads to this debug statement on working versions:

2025-07-30 13:24:26.526 | 2025-07-30 20:24:26,526 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Bucket': 'authz-service-lambdas', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'http://host.docker.internal:4566', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'Key': 'code/1e7e77c36efb9c0c65f127a85bd97b0c', 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True}
2025-07-30 13:24:26.531 | 2025-07-30 20:24:26,530 - MainThread - botocore.regions - DEBUG - Endpoint provider result: http://host.docker.internal:4566/authz-service-lambdas

While on non-working versions, I see this:

2025-07-30 13:22:15.240 | 2025-07-30 20:22:15,239 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Bucket': 'authz-service-lambdas', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'ForcePathStyle': False, 'Accelerate': False, 'UseGlobalEndpoint': True, 'Key': 'code/6c26a8a49938058da73681e7a7b80a4c', 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True}
2025-07-30 13:22:15.242 | 2025-07-30 20:22:15,242 - MainThread - botocore.regions - DEBUG - Endpoint provider result: https://authz-service-lambdas.s3.amazonaws.com

Note the lack of an Endpoint parameter passed in the second. I also see this in the recent versions:

2025-07-30 13:22:13.906 | 2025-07-30 20:22:13,906 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: environment_service
2025-07-30 13:22:13.907 | 2025-07-30 20:22:13,906 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: environment_global
2025-07-30 13:22:13.907 | 2025-07-30 20:22:13,907 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: config_service
2025-07-30 13:22:13.907 | 2025-07-30 20:22:13,907 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: config_global
2025-07-30 13:22:13.907 | 2025-07-30 20:22:13,907 - MainThread - botocore.configprovider - DEBUG - No configured endpoint found.

Full debug output for both:
bad_debug_log.txt
working_debug_log.txt

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

Endpoint is correctly handled while uploading artifacts during cloudformation package.

Current Behavior

Endpoint is not correctly handled during cloudformation package.

Reproduction Steps

  1. Create a cloudformation template and attempt to package it with a nonstandard endpoint, such as while using a local emulation like localstack
  2. Observe the attempt to upload to a standard AWS endpoint when on 1.41.9 or above

Possible Solution

It looks like create_client was modified to create_nested_client during this update. Perhaps some context is lost?

Additional Information/Context

No response

CLI version used

1.41.9

Environment details (OS name and version, etc.)

Docker, Node v20 on alpine 3.16
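
The following check is an added example, not part of the original issue or of awscli/botocore. It scans `--debug` output for the `botocore.regions` lines quoted above and reports every request whose resolved endpoint is not the one given with `--endpoint-url`, which is how to confirm whether artifacts meant for a local emulator were addressed to the public S3 endpoint. The function names and the shortened sample log are constructed for illustration.

```python
import ast
import re
from urllib.parse import urlsplit

# Constructed sample: two pairs of botocore.regions DEBUG lines in the format
# quoted in the issue (parameter dicts shortened, keys are placeholders).
SAMPLE_LOG = """\
2025-07-30 20:24:26,526 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Bucket': 'authz-service-lambdas', 'Region': 'us-east-1', 'Endpoint': 'http://host.docker.internal:4566', 'ForcePathStyle': True, 'Key': 'code/example-key-1'}
2025-07-30 20:24:26,530 - MainThread - botocore.regions - DEBUG - Endpoint provider result: http://host.docker.internal:4566/authz-service-lambdas
2025-07-30 20:22:15,239 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Bucket': 'authz-service-lambdas', 'Region': 'us-east-1', 'ForcePathStyle': False, 'Key': 'code/example-key-2'}
2025-07-30 20:22:15,242 - MainThread - botocore.regions - DEBUG - Endpoint provider result: https://authz-service-lambdas.s3.amazonaws.com
"""

PARAMS_RE = re.compile(r"Calling endpoint provider with parameters: (\{.*\})\s*$")
RESULT_RE = re.compile(r"Endpoint provider result: (\S+)")

def origin(url):
    """Reduce a URL to (scheme, host, port) so paths and bucket prefixes are ignored."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

def find_endpoint_leaks(log_text, expected_endpoint):
    """Return one finding per resolved endpoint whose origin differs from the expected one."""
    findings, params = [], None
    for line in log_text.splitlines():
        m = PARAMS_RE.search(line)
        if m:
            params = ast.literal_eval(m.group(1))  # the logged dict is a repr of plain literals
            continue
        m = RESULT_RE.search(line)
        if m and params is not None:
            resolved = m.group(1)
            if origin(resolved) != origin(expected_endpoint):
                findings.append({
                    "bucket": params.get("Bucket"),
                    "key": params.get("Key"),
                    "endpoint_param": params.get("Endpoint"),  # None means the override was dropped
                    "resolved": resolved,
                })
            params = None
    return findings

if __name__ == "__main__":
    for f in find_endpoint_leaks(SAMPLE_LOG, "http://host.docker.internal:4566"):
        print("override not applied:", f)
```

The pairing of a parameters line with the next result line assumes single-threaded output, as in the `MainThread` lines shown in the issue.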

Labels

  • bug: This issue is a bug.
  • cloudformation
  • cloudformation package-deploy
  • p2: This is a standard priority issue
  • potential-regression: Marking this issue as a potential regression to be checked by team member
  • response-requested: Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
