Struct ProfileFileCredentialsProvider

pub struct ProfileFileCredentialsProvider { /* private fields */ }

AWS Profile based credentials provider

This credentials provider will load credentials from ~/.aws/config and ~/.aws/credentials. The locations of these files are configurable via environment variables, see below.

Generally, this will be constructed via the default provider chain, however, it can be manually constructed with the builder:

use aws_config::profile::ProfileFileCredentialsProvider;
let provider = ProfileFileCredentialsProvider::builder().build();

Note: Profile providers, when called, will load and parse the profile from the file system only once. Parsed file contents will be cached indefinitely.

This provider supports several different credentials formats:

Credentials defined explicitly within the file

[default]
aws_access_key_id = 123
aws_secret_access_key = 456

Assume Role Credentials loaded from a credential source

[default]
role_arn = arn:aws:iam::123456789:role/RoleA
credential_source = Environment

NOTE: Currently only the Environment credential source is supported although it is possible to provide custom sources:

use aws_credential_types::provider::{self, future, ProvideCredentials};
use aws_config::profile::ProfileFileCredentialsProvider;
#[derive(Debug)]
struct MyCustomProvider;
impl MyCustomProvider {
    async fn load_credentials(&self) -> provider::Result {
        todo!()
    }
}

impl ProvideCredentials for MyCustomProvider {
  fn provide_credentials<'a>(&'a self) -> future::ProvideCredentials where Self: 'a {
        future::ProvideCredentials::new(self.load_credentials())
    }
}
let provider = ProfileFileCredentialsProvider::builder()
    .with_custom_provider("Custom", MyCustomProvider)
    .build();
}

Assume role credentials from a source profile

[default]
role_arn = arn:aws:iam::123456789:role/RoleA
source_profile = base

[profile base]
aws_access_key_id = 123
aws_secret_access_key = 456

Other more complex configurations are possible, consult test-data/assume-role-tests.json.

Credentials loaded from an external process

[default]
credential_process = /opt/bin/awscreds-custom --username helen

An external process can be used to provide credentials.

Loading Credentials from SSO

[default]
sso_start_url = https://example.com/start
sso_region = us-east-2
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2

SSO can also be used as a source profile for assume role chains.

Location of Profile Files

• The location of the config file will be loaded from the AWS_CONFIG_FILE environment variable with a fallback to ~/.aws/config
• The location of the credentials file will be loaded from the AWS_SHARED_CREDENTIALS_FILE environment variable with a fallback to ~/.aws/credentials

The location of these files can also be customized programmatically using ProfileFiles.

Home directory resolution

Home directory resolution is implemented to match the behavior of the CLI & Python. ~ is only used for home directory resolution when it:

• Starts the path
• Is followed immediately by / or a platform specific separator. (On windows, ~/ and ~\ both resolve to the home directory.

When determining the home directory, the following environment variables are checked:

• HOME on all platforms
• USERPROFILE on Windows
• The concatenation of HOMEDRIVE and HOMEPATH on Windows ($HOMEDRIVE$HOMEPATH)

Implementations

impl ProfileFileCredentialsProvider

pub fn builder() -> Builder

Builder for this credentials provider

Trait Implementations

impl Debug for ProfileFileCredentialsProvider

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ProvideCredentials for ProfileFileCredentialsProvider

fn provide_credentials<'a>(&'a self) -> ProvideCredentials<'a>

where Self: 'a,

Returns a future that provides credentials.

fn fallback_on_interrupt(&self) -> Option<Credentials>

Returns fallback credentials.