Load Credentials from Web Identity Tokens
Web identity tokens can be loaded from file. The path may be set in one of three ways:
- Environment Variables
- AWS profile defined in ~/.aws/config
- Static configuration via static_configuration
Note: WebIdentityTokenCredentialsProvider is part of the default provider chain. Unless you need specific behavior or configuration overrides, it is recommended to use the default chain instead of using this provider directly. This client should be considered a “low level” client as it does not include caching or profile-file resolution when used in isolation.
§Environment Variable Configuration
WebIdentityTokenCredentialsProvider will load the following environment variables:
- AWS_WEB_IDENTITY_TOKEN_FILE: required, location to find the token file containing a JWT token
- AWS_ROLE_ARN: required, role ARN to assume
- AWS_IAM_ROLE_SESSION_NAME: optional, session name to use when assuming the role
§AWS Profile Configuration
Note: Configuration of the web identity token provider via a shared profile is only supported when using the ProfileFileCredentialsProvider.
Web identity token credentials can be loaded from ~/.aws/config in two ways:
- Directly:
[profile default]
role_arn = arn:aws:iam::1234567890123:role/RoleA
web_identity_token_file = /token.jwt
- As a source profile for another role:
[profile default]
role_arn = arn:aws:iam::123456789:role/RoleA
source_profile = base
[profile base]
role_arn = arn:aws:iam::123456789012:role/s3-reader
web_identity_token_file = /token.jwt
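
The source-profile layout above implies an ordered chain of STS calls: the base profile's web identity exchange first, then each role assumed on top of it. The following std-only Rust is an added illustration, not the SDK's parser or resolution code; `Step`, `parse_profiles` and `resolve_chain` are hypothetical names, and the parser assumes only `[profile name]` headers and `key = value` lines. It resolves a profile to that chain so you can audit which token file ultimately backs a role, and it rejects `source_profile` loops:

```rust
use std::collections::HashMap;

type Profiles = HashMap<String, HashMap<String, String>>;

/// One credential-producing call, listed in the order the calls are made.
#[derive(Debug, PartialEq)]
pub enum Step {
    WebIdentity { role_arn: String, token_file: String }, // AssumeRoleWithWebIdentity with the JWT
    AssumeRole { role_arn: String }, // AssumeRole with the previous step's credentials
}

/// Minimal parser (assumption: only `[profile name]` headers and `key = value` lines).
pub fn parse_profiles(text: &str) -> Profiles {
    let (mut profiles, mut current) = (Profiles::new(), None::<String>);
    for line in text.lines().map(str::trim) {
        if let Some(header) = line.strip_prefix('[').and_then(|l| l.strip_suffix(']')) {
            current = Some(header.strip_prefix("profile ").unwrap_or(header).trim().to_string());
        } else if let (Some(name), Some((k, v))) = (&current, line.split_once('=')) {
            profiles.entry(name.clone()).or_default().insert(k.trim().into(), v.trim().into());
        }
    }
    profiles
}

/// Follows `source_profile` links from `start` down to the web identity base profile.
pub fn resolve_chain(profiles: &Profiles, start: &str) -> Result<Vec<Step>, String> {
    let (mut steps, mut seen, mut name) = (Vec::new(), Vec::<String>::new(), start.to_string());
    loop {
        if seen.contains(&name) { return Err(format!("source_profile loop at '{name}'")); }
        let p = profiles.get(&name).ok_or(format!("profile '{name}' not found"))?;
        let role_arn = p.get("role_arn").ok_or(format!("'{name}' has no role_arn"))?.clone();
        seen.push(name.clone());
        match (p.get("web_identity_token_file"), p.get("source_profile")) {
            (Some(file), None) => {
                steps.push(Step::WebIdentity { role_arn, token_file: file.clone() });
                steps.reverse(); // the base profile's call happens first
                return Ok(steps);
            }
            (None, Some(src)) => { steps.push(Step::AssumeRole { role_arn }); name = src.clone(); }
            _ => return Err(format!("'{name}': set exactly one of web_identity_token_file, source_profile")),
        }
    }
}

/// Sample input: the source-profile example from this page.
const SAMPLE: &str = "[profile default]\nrole_arn = arn:aws:iam::123456789:role/RoleA\nsource_profile = base\n\
    [profile base]\nrole_arn = arn:aws:iam::123456789012:role/s3-reader\nweb_identity_token_file = /token.jwt\n";
fn main() { println!("{:#?}", resolve_chain(&parse_profiles(SAMPLE), "default")); }
```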
§Examples
Web Identity Token providers are part of the default chain.
However, they may be directly constructed if you don’t want to use the default provider chain.
Unless overridden with static_configuration, the provider will load configuration from environment variables.
use aws_config::provider_config::ProviderConfig;
use aws_config::web_identity_token::WebIdentityTokenCredentialsProvider;

// `.await` requires an async context, so the construction is wrapped in an async fn.
async fn example() {
    let provider = WebIdentityTokenCredentialsProvider::builder()
        .configure(&ProviderConfig::with_default_region().await)
        .build();
}
§Structs
- Builder for WebIdentityTokenCredentialsProvider.
- Statically configured WebIdentityToken configuration
- Credential provider to load credentials from Web Identity Tokens