
Setting up local https network to mock amazonaws.com in docker


You're not going to be able to MITM the https api request and return a different response. You can give the SDK a different url to hit (without https, or with a self-signed cert), and then set up a proxy to proxy requests to amazon when you want them to be sent to amazon, and to your other service when you want to mock them.

Some random information on how to change the api request url in the javascript SDK: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/specifying-endpoints.html (as an example)


tls: unknown certificate authority

Based on this error message you need to update the list of trusted CAs in your environment. This needs to be done inside each image (or resulting container) that will connect to your mock service. The process varies based on the base image you select, and this question on unix.se covers many of the methods.

The Debian process:

    apt-get install ca-certificates
    cp cacert.pem /usr/share/ca-certificates
    dpkg-reconfigure ca-certificates

The CentOS process:

    cp cacert.pem /etc/pki/ca-trust/source/anchors/
    update-ca-trust extract

The Alpine process:

    apk add --no-cache ca-certificates
    mkdir /usr/local/share/ca-certificates
    cp cacert.pem /usr/local/share/ca-certificates/
    update-ca-certificates


You are going to struggle/compromise to intercept the AWS API Calls without bypassing the validation of the cert chain.

I suggest that you provide a Custom Endpoint to the AWS SDK Client in your NodeJS code to point to the LocalStack endpoint. This value could be passed using environment variables in your test environments.

    var sqsClient = new AWS.SQS({endpoint: process.env.SQSCLIENT});

Then pass the LocalStack URL into the container for test environments:

    docker run -e SQSCLIENT='http://localstack:4576' mymicroservice
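
One way to guard the endpoint override suggested in the answer above, shown as an added example (not code from the answer or from the AWS SDK). `SQSCLIENT` is the answer's variable; the `NODE_ENV` check, the host allowlist and the name `resolveSqsOptions` are assumptions of this sketch.

```javascript
// Hosts that may be reached over plain HTTP (assumed names for a local mock).
const LOCAL_MOCK_HOSTS = new Set(['localstack', 'localhost', '127.0.0.1']);

// Build the options object for `new AWS.SQS(options)` from the environment.
// An endpoint override redirects signed API requests, so it is validated
// before the SDK ever sees it.
function resolveSqsOptions(env) {
  const raw = env.SQSCLIENT;

  // No override set: empty options, the SDK uses the real AWS endpoint.
  if (raw === undefined || raw === '') return {};

  // Assumption: production must never talk to a mock endpoint.
  if (env.NODE_ENV === 'production') {
    throw new Error('SQSCLIENT override is not allowed in production');
  }

  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`SQSCLIENT is not a valid URL: ${raw}`);
  }

  // Credentials embedded in the URL would end up in logs and process lists.
  if (url.username || url.password) {
    throw new Error('SQSCLIENT must not contain credentials');
  }

  if (url.protocol === 'http:') {
    // Plain HTTP only for the local mock, never for an arbitrary host.
    if (!LOCAL_MOCK_HOSTS.has(url.hostname)) {
      throw new Error(`plain HTTP not allowed for host ${url.hostname}`);
    }
  } else if (url.protocol !== 'https:') {
    throw new Error(`unsupported protocol ${url.protocol}`);
  }

  return { endpoint: url.origin };
}

// Usage in the service (requires the aws-sdk package):
//   var sqsClient = new AWS.SQS(resolveSqsOptions(process.env));
```

An HTTPS mock endpoint passes this check, but the container still needs the mock's CA in its trust store, as in the per-distribution steps above.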