Ecs Credentials Provider

This credential provider is frequently used with an AWS-provided credentials service (e.g. IAM Roles for tasks). However, it’s possible to use environment variables to configure this provider to use your own credentials sources.

This provider is part of the default credentials chain.

Configuration

First: It will check the value of $AWS_CONTAINER_CREDENTIALS_RELATIVE_URI. It will use this to construct a URI rooted at http://169.254.170.2. For example, if the value of the environment variable was /credentials, the SDK would look for credentials at http://169.254.170.2/credentials.

Next: It will check the value of $AWS_CONTAINER_CREDENTIALS_FULL_URI. This specifies the full URL to load credentials. The URL MUST satisfy one of the following two properties:

  1. The URL begins with https.
  2. The URL refers to a loopback device. If a URL contains a domain name instead of an IP address, a DNS lookup will be performed. ALL resolved IP addresses MUST refer to a loopback interface, or the credentials provider will return CredentialsError::InvalidConfiguration.

Finally: It will check the value of $AWS_CONTAINER_AUTHORIZATION_TOKEN. If this is set, the value will be passed in the Authorization header.
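
The two acceptance rules for $AWS_CONTAINER_CREDENTIALS_FULL_URI above, written out as an added example (not the SDK's own code). `UriError`, `scheme_and_host`, `validate_full_uri` and the closure used as a resolver are hypothetical names, and the hostnames and addresses in `main` are constructed.

```rust
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
enum UriError { Malformed, NoAddresses, NotLoopback(IpAddr) }

/// Pull (scheme, host) out of an absolute URI using only std.
fn scheme_and_host(uri: &str) -> Option<(&str, &str)> {
    let (scheme, rest) = uri.split_once("://")?;
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    // Drop userinfo so the check is made on the host actually contacted.
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    let host = match hostport.strip_prefix('[') {
        Some(v6) => v6.split_once(']')?.0, // bracketed IPv6 literal
        None => hostport.split(':').next()?, // strip optional port
    };
    if host.is_empty() { None } else { Some((scheme, host)) }
}

/// FULL_URI rules: https, or loopback only. `resolve` is a stand-in DNS resolver (assumed signature).
fn validate_full_uri(uri: &str, resolve: impl Fn(&str) -> Vec<IpAddr>) -> Result<(), UriError> {
    let (scheme, host) = scheme_and_host(uri).ok_or(UriError::Malformed)?;
    if scheme.eq_ignore_ascii_case("https") {
        return Ok(()); // rule 1
    }
    if !scheme.eq_ignore_ascii_case("http") {
        return Err(UriError::Malformed);
    }
    // Rule 2: an IP literal is checked directly, a name is resolved first.
    let addrs = match host.parse::<IpAddr>() {
        Ok(ip) => vec![ip],
        Err(_) => resolve(host),
    };
    if addrs.is_empty() {
        return Err(UriError::NoAddresses);
    }
    // ALL addresses must be loopback; a single other record rejects the URI.
    match addrs.iter().find(|ip| !ip.is_loopback()) {
        Some(ip) => Err(UriError::NotLoopback(*ip)),
        None => Ok(()),
    }
}

fn main() {
    // Constructed resolver: every name maps to one loopback and one routable record.
    let resolve = |_: &str| -> Vec<IpAddr> { vec!["127.0.0.1".parse().unwrap(), "192.0.2.7".parse().unwrap()] };
    for uri in ["https://creds.example/v1", "http://[::1]:8080/creds", "http://mixed.test/creds"] {
        println!("{} -> {:?}", uri, validate_full_uri(uri, &resolve));
    }
}
```

Checking every resolved address, rather than the first, is what keeps a name with mixed records from sending the credentials request and Authorization token over plain HTTP to a non-local host.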

Credentials Format

Credentials MUST be returned in a JSON format:

{
  "AccessKeyId": "MUA...",
  "SecretAccessKey": "/7PC5om....",
  "Token": "AQoDY....=",
  "Expiration": "2016-02-25T06:03:31Z"
}

Credentials errors MAY be returned with a code and message field:

{
  "code": "ErrorCode",
  "message": "Helpful error message."
}

Structs

Credential provider for ECS and generalized HTTP credentials

Enums

Invalid Full URI

Type Definitions

Dns resolver interface