Module aws_config::ecs [−][src]
Expand description
Ecs Credentials Provider
This credential provider is frequently used with an AWS-provided credentials service (e.g. IAM Roles for tasks. However, it’s possible to use environment variables to configure this provider to use your own credentials sources.
Configuration
First: It will check the value of $AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
. It will use this
to construct a URI rooted at http://169.254.170.2
. For example, if the value of the environment
variable was /credentials
, the SDK would look for credentials at http://169.254.170.2/credentials
.
Next: It wil check the value of $AWS_CONTAINER_CREDENTIALS_FULL_URI
. This specifies the full
URL to load credentials. The URL MUST satisfy one of the following two properties:
- The URL begins with
https
- The URL refers to a loopback device. If a URL contains a domain name instead of an IP address,
a DNS lookup will be performed. ALL resolved IP addresses MUST refer to a loopback interface, or
the credentials provider will return
CredentialsError::InvalidConfiguration
Finally: It will check the value of $AWS_CONTAINER_AUTHORIZATION_TOKEN
. If this is set, the
value will be passed in the Authorization
header.
Credentials Format
Credentials MUST be returned in a JSON format:
{
"AccessKeyId" : "MUA...",
"SecretAccessKey" : "/7PC5om....",
"Token" : "AQoDY....=",
"Expiration" : "2016-02-25T06:03:31Z"
}
Credentials errors MAY be returned with a code
and message
field:
{
"code": "ErrorCode",
"message": "Helpful error message."
}
Structs
Builder for EcsCredentialsProvider
Credential provider for ECS and generalized HTTP credentials
Enums
Invalid Full URI
Type Definitions
Dns resolver interface