Struct aws_config::profile::credentials::ProfileFileCredentialsProvider

pub struct ProfileFileCredentialsProvider { /* private fields */ }

AWS Profile based credentials provider

This credentials provider will load credentials from ~/.aws/config and ~/.aws/credentials. The locations of these files are configurable via environment variables, see below.

Generally, this will be constructed via the default provider chain, however, it can be manually constructed with the builder:

use aws_config::profile::ProfileFileCredentialsProvider;
let provider = ProfileFileCredentialsProvider::builder().build();

Note: Profile providers to not implement any caching. They will reload and reparse the profile from the file system when called. See lazy_caching for more information about caching.

This provider supports several different credentials formats:

Credentials defined explicitly within the file

[default]
aws_access_key_id = 123
aws_secret_access_key = 456

Assume Role Credentials loaded from a credential source

[default]
role_arn = arn:aws:iam::123456789:role/RoleA
credential_source = Environment

NOTE: Currently only the Environment credential source is supported although it is possible to provide custom sources:

use aws_types::credentials::{self, ProvideCredentials, future};
use aws_config::profile::ProfileFileCredentialsProvider;
#[derive(Debug)]
struct MyCustomProvider;
impl MyCustomProvider {
    async fn load_credentials(&self) -> credentials::Result {
        todo!()
    }
}

impl ProvideCredentials for MyCustomProvider {
  fn provide_credentials<'a>(&'a self) -> future::ProvideCredentials where Self: 'a {
        future::ProvideCredentials::new(self.load_credentials())
    }
}
let provider = ProfileFileCredentialsProvider::builder()
    .with_custom_provider("Custom", MyCustomProvider)
    .build();
}

Assume role credentials from a source profile

[default]
role_arn = arn:aws:iam::123456789:role/RoleA
source_profile = base

[profile base]
aws_access_key_id = 123
aws_secret_access_key = 456

Other more complex configurations are possible, consult test-data/assume-role-tests.json.

Loading Credentials from SSO

[default]
sso_start_url = https://example.com/start
sso_region = us-east-2
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2

SSO can also be used as a source profile for assume role chains.

Location of Profile Files

• The location of the config file will be loaded from the AWS_CONFIG_FILE environment variable with a fallback to ~/.aws/config
• The location of the credentials file will be loaded from the AWS_SHARED_CREDENTIALS_FILE environment variable with a fallback to ~/.aws/credentials

Home directory resolution

Home directory resolution is implemented to match the behavior of the CLI & Python. ~ is only used for home directory resolution when it:

• Starts the path
• Is followed immediately by / or a platform specific separator. (On windows, ~/ and ~\ both resolve to the home directory.

When determining the home directory, the following environment variables are checked:

• HOME on all platforms
• USERPROFILE on Windows
• The concatenation of HOMEDRIVE and HOMEPATH on Windows ($HOMEDRIVE$HOMEPATH)

Implementations

impl ProfileFileCredentialsProvider

pub fn builder() -> Builder

Builder for this credentials provider

Trait Implementations

impl Debug for ProfileFileCredentialsProvider

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ProvideCredentials for ProfileFileCredentialsProvider

fn provide_credentials<'a>(&'a self) -> ProvideCredentials<'a> where
    Self: 'a, 

Returns a future that provides credentials.