Skip to content
Switch branches/tags


Failed to load latest commit information.
Latest commit message
Commit time

awscurl Donate Donate Donate

PyPI Build Status Docker Hub

CI badge Donate

curl-like tool with AWS Signature Version 4 request signing.


  • performes requests to AWS services with requests signing using curl interface
  • supports IAM profile credentials


Requests to AWS API must be signed (see Signing AWS API Requests) automates the process of signing and allows to make requests to AWS as simple as standard curl command.


$ pip install awscurl

Installation from source (bleeding edge)

$ pip install git+

Installation via Homebrew for MacOS

$ brew install awscurl

Running via Docker

$ docker pull okigan/awscurl # or via docker pull 

or via Github docker registry

$ docker pull 


$ docker run --rm -it okigan/awscurl --access_key ACCESS_KEY  --secret_key SECRET_KEY --service s3 s3://...

# or allow access to local credentials as following
$ docker run --rm -it -v "$HOME/.aws:/root/.aws" okigan/awscurl --service s3 s3://...

To shorten the length of docker commands use the following alias:

$ alias awscurl='docker run --rm -ti -v "$HOME/.aws:/root/.aws" -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SECURITY_TOKEN -e AWS_PROFILE okigan/awscurl'

This will allow you to run the awscurl from within a Docker container as if it was installed on the host system:

$ awscurl


  • Call S3: List bucket content

    $ awscurl --service s3 | tidy -xml -iq
    <?xml version="1.0" encoding="utf-8"?>
    <ListBucketResult xmlns="">
  • Call EC2:

    $ awscurl --service ec2 '' | tidy -xml -iq 
    <?xml version="1.0" encoding="utf-8"?>
    <DescribeRegionsResponse xmlns="">
  • Call API Gateway:

    $ awscurl --service execute-api -X POST -d @request.json \


usage: awscurl [-h] [-v] [-i] [-X REQUEST] [-d DATA] [-H HEADER]
                  [--region REGION] [--service SERVICE]
                  [--profile AWS_PROFILE]
                  [--access_key ACCESS_KEY] [--secret_key SECRET_KEY]
                  [--security_token SECURITY_TOKEN]

Curl AWS request signing If an arg is specified in more than one place, then
command-line values override environment variables which override defaults.

positional arguments:

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         verbose flag (default: False)
  -i, --include         include headers in response (default: False)
  -X REQUEST, --request REQUEST
                        Specify request command to use (default: GET)
  -d DATA, --data DATA  HTTP POST data (default: )
  -H HEADER, --header HEADER
                        HTTP POST data (default: None)
  --region REGION       AWS region (default: us-east-1)
  --profile PROFILE     [env var: AWS_PROFILE] (default: default)
  --service SERVICE     AWS service (default: execute-api)
  --access_key ACCESS_KEY
                        [env var: AWS_ACCESS_KEY_ID] (default: None)
  --secret_key SECRET_KEY
                        [env var: AWS_SECRET_ACCESS_KEY] (default: None)
  --security_token SECURITY_TOKEN
                        [env var: AWS_SECURITY_TOKEN] (default: None)

If you do not specify the --access_key or --secret_key (or environment variables), awscurl will attempt to use the credentials you set in ~/.aws/credentials. If you do not specify a --profile or AWS_PROFILE, awscurl uses default.

Who uses awscurl

Related projects

Last but not least