Skip to content
/ awscurl Public

curl-like access to AWS resources with AWS Signature Version 4 request signing.


Notifications You must be signed in to change notification settings


Repository files navigation

awscurl Donate Donate Donate

PyPI Build Status Docker Hub CI badge

Edit with gitpod Edit with vscode Edit with github codespaces

curl-like tool with AWS Signature Version 4 request signing.


  • performs requests to AWS services with request signing using curl interface
  • supports IAM profile credentials


Requests to AWS API must be signed (see Signing AWS API Requests) automates the process of signing and makes requests to AWS as simple as a standard curl command.


pip install awscurl

Installation from source (bleeding edge)

pip install git+

Installation via Homebrew for MacOS

brew install awscurl

Running via Docker

docker pull okigan/awscurl # or via docker pull 

or via Github docker registry

docker pull 


$ docker run --rm -it okigan/awscurl --access_key ACCESS_KEY  --secret_key SECRET_KEY --service s3 s3://...

# or allow access to local credentials as following
$ docker run --rm -it -v "$HOME/.aws:/root/.aws" okigan/awscurl --service s3 s3://...

To shorten the length of docker commands use the following alias:

alias awscurl='docker run --rm -ti -v "$HOME/.aws:/root/.aws" -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SECURITY_TOKEN -e AWS_PROFILE okigan/awscurl'

This will allow you to run awscurl from within a Docker container as if it was installed on the host system:



  • Call S3: List bucket content

    $ awscurl --service s3 '' | tidy -xml -iq
    <?xml version="1.0" encoding="utf-8"?>
    <ListBucketResult xmlns="">
  • Call EC2:

    $ awscurl --service ec2 '' | tidy -xml -iq 
    <?xml version="1.0" encoding="utf-8"?>
    <DescribeRegionsResponse xmlns="">
  • Call API Gateway:

    $ awscurl --service execute-api -X POST -d @request.json \


usage: awscurl [-h] [-v] [-i] [-X REQUEST] [-d DATA] [-H HEADER]
                  [--region REGION] [--service SERVICE]
                  [--profile AWS_PROFILE]
                  [--access_key ACCESS_KEY] [--secret_key SECRET_KEY]
                  [--security_token SECURITY_TOKEN]

Curl AWS request signing If an arg is specified in more than one place, then
command-line values override environment variables which override defaults.

positional arguments:

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         verbose flag (default: False)
  -i, --include         include headers in response (default: False)
  -X REQUEST, --request REQUEST
                        Specify request command to use (default: GET)
  -d DATA, --data DATA  HTTP POST data (default: )
  -H HEADER, --header HEADER
                        HTTP POST data (default: None)
  --region REGION       AWS region (default: us-east-1)
  --profile PROFILE     [env var: AWS_PROFILE] (default: default)
  --service SERVICE     AWS service (default: execute-api)
  --access_key ACCESS_KEY
                        [env var: AWS_ACCESS_KEY_ID] (default: None)
  --secret_key SECRET_KEY
                        [env var: AWS_SECRET_ACCESS_KEY] (default: None)
  --security_token SECURITY_TOKEN
                        [env var: AWS_SECURITY_TOKEN] (default: None)

If you do not specify the --access_key or --secret_key (or environment variables), awscurl will attempt to use the credentials you set in ~/.aws/credentials. If you do not specify a --profile or AWS_PROFILE, awscurl uses default.

Who uses awscurl

Star History

Star History Chart

Related projects

Last but not least