Expand description

AWS SDK Credentials

Implementing your own credentials provider

While for many use cases, using a built in credentials provider is sufficient, you may want to implement your own credential provider.

With static credentials

Note: In general, you should prefer to use the credential providers that come with the AWS SDK to get credentials. It is NOT secure to hardcode credentials into your application. Only use this approach if you really know what you’re doing.

Enable the hardcoded-credentials feature to be able to use Credentials::from_keys to construct credentials from hardcoded values.

With dynamically loaded credentials

If you are loading credentials dynamically, you can provide your own implementation of ProvideCredentials. Generally, this is best done by defining an inherent async fn on your structure, then calling that method directly from the trait implementation.

use aws_credential_types::{
    provider::{self, future, error::CredentialsError, ProvideCredentials},
    Credentials,
};
#[derive(Debug)]
struct SubprocessCredentialProvider;

async fn invoke_command(command: &str) -> String {
    // implementation elided...
}

/// Parse access key and secret from the first two lines of a string
fn parse_credentials(creds: &str) -> provider::Result {
    let mut lines = creds.lines();
    let akid = lines.next().ok_or(CredentialsError::provider_error("invalid credentials"))?;
    let secret = lines.next().ok_or(CredentialsError::provider_error("invalid credentials"))?;
    Ok(Credentials::new(akid, secret, None, None, "CustomCommand"))
}

impl SubprocessCredentialProvider {
    async fn load_credentials(&self) -> provider::Result {
        let creds = invoke_command("load-credentials.py").await;
        parse_credentials(&creds)
    }
}

impl ProvideCredentials for SubprocessCredentialProvider {
    fn provide_credentials<'a>(&'a self) -> future::ProvideCredentials<'a> where Self: 'a {
        future::ProvideCredentials::new(self.load_credentials())
    }
}

Modules

  • Credentials provider errors
  • Convenience ProvideCredentials struct that implements the ProvideCredentials trait.

Structs

Traits

Type Definitions

  • Result type for credential providers.