7 "github.com/aws/aws-sdk-go/aws/credentials"
8 "github.com/aws/aws-sdk-go/aws/defaults"
11 // EnvProviderName provides a name of the provider when config is loaded from environment.
12 const EnvProviderName = "EnvConfigCredentials"
14 // envConfig is a collection of environment values the SDK will read
15 // setup config from. All environment values are optional. But some values
16 // such as credentials require multiple values to be complete or the values
18 type envConfig struct {
19 // Environment configuration values. If set both Access Key ID and Secret Access
20 // Key must be provided. Session Token and optionally also be provided, but is
24 // AWS_ACCESS_KEY_ID=AKID
25 // AWS_ACCESS_KEY=AKID # only read if AWS_ACCESS_KEY_ID is not set.
27 // # Secret Access Key
28 // AWS_SECRET_ACCESS_KEY=SECRET
29 // AWS_SECRET_KEY=SECRET=SECRET # only read if AWS_SECRET_ACCESS_KEY is not set.
32 // AWS_SESSION_TOKEN=TOKEN
33 Creds credentials.Value
35 // Region value will instruct the SDK where to make service API requests to. If is
36 // not provided in the environment the region must be provided before a service
37 // client request is made.
39 // AWS_REGION=us-east-1
41 // # AWS_DEFAULT_REGION is only read if AWS_SDK_LOAD_CONFIG is also set,
42 // # and AWS_REGION is not also set.
43 // AWS_DEFAULT_REGION=us-east-1
46 // Profile name the SDK should load use when loading shared configuration from the
47 // shared configuration files. If not provided "default" will be used as the
50 // AWS_PROFILE=my_profile
52 // # AWS_DEFAULT_PROFILE is only read if AWS_SDK_LOAD_CONFIG is also set,
53 // # and AWS_PROFILE is not also set.
54 // AWS_DEFAULT_PROFILE=my_profile
57 // SDK load config instructs the SDK to load the shared config in addition to
58 // shared credentials. This also expands the configuration loaded from the shared
59 // credentials to have parity with the shared config file. This also enables
60 // Region and Profile support for the AWS_DEFAULT_REGION and AWS_DEFAULT_PROFILE
61 // env values as well.
63 // AWS_SDK_LOAD_CONFIG=1
64 EnableSharedConfig bool
66 // Shared credentials file path can be set to instruct the SDK to use an alternate
67 // file for the shared credentials. If not set the file will be loaded from
68 // $HOME/.aws/credentials on Linux/Unix based systems, and
69 // %USERPROFILE%\.aws\credentials on Windows.
71 // AWS_SHARED_CREDENTIALS_FILE=$HOME/my_shared_credentials
72 SharedCredentialsFile string
74 // Shared config file path can be set to instruct the SDK to use an alternate
75 // file for the shared config. If not set the file will be loaded from
76 // $HOME/.aws/config on Linux/Unix based systems, and
77 // %USERPROFILE%\.aws\config on Windows.
79 // AWS_CONFIG_FILE=$HOME/my_shared_config
80 SharedConfigFile string
82 // Sets the path to a custom Credentials Authroity (CA) Bundle PEM file
83 // that the SDK will use instead of the system's root CA bundle.
84 // Only use this if you want to configure the SDK to use a custom set
87 // Enabling this option will attempt to merge the Transport
88 // into the SDK's HTTP client. If the client's Transport is
89 // not a http.Transport an error will be returned. If the
90 // Transport's TLS config is set this option will cause the
91 // SDK to overwrite the Transport's TLS config's RootCAs value.
93 // Setting a custom HTTPClient in the aws.Config options will override this setting.
94 // To use this option and custom HTTP client, the HTTP client needs to be provided
95 // when creating the session. Not the service client.
97 // AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
107 csmEnabledEnvKey = []string{
110 csmPortEnvKey = []string{
113 csmClientIDEnvKey = []string{
116 credAccessEnvKey = []string{
120 credSecretEnvKey = []string{
121 "AWS_SECRET_ACCESS_KEY",
124 credSessionEnvKey = []string{
128 regionEnvKeys = []string{
130 "AWS_DEFAULT_REGION", // Only read if AWS_SDK_LOAD_CONFIG is also set
132 profileEnvKeys = []string{
134 "AWS_DEFAULT_PROFILE", // Only read if AWS_SDK_LOAD_CONFIG is also set
136 sharedCredsFileEnvKey = []string{
137 "AWS_SHARED_CREDENTIALS_FILE",
139 sharedConfigFileEnvKey = []string{
144 // loadEnvConfig retrieves the SDK's environment configuration.
145 // See `envConfig` for the values that will be retrieved.
147 // If the environment variable `AWS_SDK_LOAD_CONFIG` is set to a truthy value
148 // the shared SDK config will be loaded in addition to the SDK's specific
149 // configuration values.
150 func loadEnvConfig() envConfig {
151 enableSharedConfig, _ := strconv.ParseBool(os.Getenv("AWS_SDK_LOAD_CONFIG"))
152 return envConfigLoad(enableSharedConfig)
155 // loadEnvSharedConfig retrieves the SDK's environment configuration, and the
156 // SDK shared config. See `envConfig` for the values that will be retrieved.
158 // Loads the shared configuration in addition to the SDK's specific configuration.
159 // This will load the same values as `loadEnvConfig` if the `AWS_SDK_LOAD_CONFIG`
160 // environment variable is set.
161 func loadSharedEnvConfig() envConfig {
162 return envConfigLoad(true)
165 func envConfigLoad(enableSharedConfig bool) envConfig {
168 cfg.EnableSharedConfig = enableSharedConfig
170 setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey)
171 setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey)
172 setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey)
174 // CSM environment variables
175 setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
176 setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
177 setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
178 cfg.CSMEnabled = len(cfg.csmEnabled) > 0
180 // Require logical grouping of credentials
181 if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 {
182 cfg.Creds = credentials.Value{}
184 cfg.Creds.ProviderName = EnvProviderName
187 regionKeys := regionEnvKeys
188 profileKeys := profileEnvKeys
189 if !cfg.EnableSharedConfig {
190 regionKeys = regionKeys[:1]
191 profileKeys = profileKeys[:1]
194 setFromEnvVal(&cfg.Region, regionKeys)
195 setFromEnvVal(&cfg.Profile, profileKeys)
197 setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey)
198 setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey)
200 if len(cfg.SharedCredentialsFile) == 0 {
201 cfg.SharedCredentialsFile = defaults.SharedCredentialsFilename()
203 if len(cfg.SharedConfigFile) == 0 {
204 cfg.SharedConfigFile = defaults.SharedConfigFilename()
207 cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE")
212 func setFromEnvVal(dst *string, keys []string) {
213 for _, k := range keys {
214 if v := os.Getenv(k); len(v) > 0 {