Module aws_config::ecs

source ·
Expand description

Ecs Credentials Provider

This credential provider is frequently used with an AWS-provided credentials service (e.g. IAM Roles for tasks). However, it’s possible to use environment variables to configure this provider to use your own credentials sources.

This provider is part of the default credentials chain.

Configuration

First: It will check the value of $AWS_CONTAINER_CREDENTIALS_RELATIVE_URI. It will use this to construct a URI rooted at http://169.254.170.2. For example, if the value of the environment variable was /credentials, the SDK would look for credentials at http://169.254.170.2/credentials.

Next: It wil check the value of $AWS_CONTAINER_CREDENTIALS_FULL_URI. This specifies the full URL to load credentials. The URL MUST satisfy one of the following two properties:

  1. The URL begins with https
  2. The URL refers to a loopback device. If a URL contains a domain name instead of an IP address, a DNS lookup will be performed. ALL resolved IP addresses MUST refer to a loopback interface, or the credentials provider will return CredentialsError::InvalidConfiguration

Finally: It will check the value of $AWS_CONTAINER_AUTHORIZATION_TOKEN. If this is set, the value will be passed in the Authorization header.

Credentials Format

Credentials MUST be returned in a JSON format:

{
   "AccessKeyId" : "MUA...",
   "SecretAccessKey" : "/7PC5om....",
   "Token" : "AQoDY....=",
   "Expiration" : "2016-02-25T06:03:31Z"
 }

Credentials errors MAY be returned with a code and message field:

{
  "code": "ErrorCode",
  "message": "Helpful error message."
}

Structs

Type Definitions