aws_config::profile::credentials

Struct ProfileFileCredentialsProvider

Source
pub struct ProfileFileCredentialsProvider { /* private fields */ }
Expand description

AWS Profile based credentials provider

This credentials provider will load credentials from ~/.aws/config and ~/.aws/credentials. The locations of these files are configurable via environment variables, see below.

Generally, this will be constructed via the default provider chain, however, it can be manually constructed with the builder:

use aws_config::profile::ProfileFileCredentialsProvider;
let provider = ProfileFileCredentialsProvider::builder().build();

Note: Profile providers, when called, will load and parse the profile from the file system only once. Parsed file contents will be cached indefinitely.

This provider supports several different credentials formats:

§Credentials defined explicitly within the file

[default]
aws_access_key_id = 123
aws_secret_access_key = 456

§Assume Role Credentials loaded from a credential source

[default]
role_arn = arn:aws:iam::123456789:role/RoleA
credential_source = Environment

NOTE: Currently only the Environment credential source is supported although it is possible to provide custom sources:

use aws_credential_types::provider::{self, future, ProvideCredentials};
use aws_config::profile::ProfileFileCredentialsProvider;
#[derive(Debug)]
struct MyCustomProvider;
impl MyCustomProvider {
    async fn load_credentials(&self) -> provider::Result {
        todo!()
    }
}

impl ProvideCredentials for MyCustomProvider {
  fn provide_credentials<'a>(&'a self) -> future::ProvideCredentials where Self: 'a {
        future::ProvideCredentials::new(self.load_credentials())
    }
}
let provider = ProfileFileCredentialsProvider::builder()
    .with_custom_provider("Custom", MyCustomProvider)
    .build();
}

§Assume role credentials from a source profile

[default]
role_arn = arn:aws:iam::123456789:role/RoleA
source_profile = base

[profile base]
aws_access_key_id = 123
aws_secret_access_key = 456

Other more complex configurations are possible, consult test-data/assume-role-tests.json.

§Credentials loaded from an external process

[default]
credential_process = /opt/bin/awscreds-custom --username helen

An external process can be used to provide credentials.

§Loading Credentials from SSO

[default]
sso_start_url = https://example.com/start
sso_region = us-east-2
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2

SSO can also be used as a source profile for assume role chains.

§Location of Profile Files

  • The location of the config file will be loaded from the AWS_CONFIG_FILE environment variable with a fallback to ~/.aws/config
  • The location of the credentials file will be loaded from the AWS_SHARED_CREDENTIALS_FILE environment variable with a fallback to ~/.aws/credentials

The location of these files can also be customized programmatically using ProfileFiles.

§Home directory resolution

Home directory resolution is implemented to match the behavior of the CLI & Python. ~ is only used for home directory resolution when it:

  • Starts the path
  • Is followed immediately by / or a platform specific separator. (On windows, ~/ and ~\ both resolve to the home directory.

When determining the home directory, the following environment variables are checked:

  • HOME on all platforms
  • USERPROFILE on Windows
  • The concatenation of HOMEDRIVE and HOMEPATH on Windows ($HOMEDRIVE$HOMEPATH)

Implementations§

Source§

impl ProfileFileCredentialsProvider

Source

pub fn builder() -> Builder

Builder for this credentials provider

Trait Implementations§

Source§

impl Debug for ProfileFileCredentialsProvider

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl ProvideCredentials for ProfileFileCredentialsProvider

Source§

fn provide_credentials<'a>(&'a self) -> ProvideCredentials<'a>
where Self: 'a,

Returns a future that provides credentials.
Source§

fn fallback_on_interrupt(&self) -> Option<Credentials>

Returns fallback credentials. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

Source§

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more