amazonka-2.0: Comprehensive Amazon Web Services SDK.
Copyright(c) 2013-2023 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityprovisional
Portabilitynon-portable (GHC extensions)
Safe HaskellNone
LanguageHaskell2010

Amazonka.Auth.ConfigFile

Description

Retrieve authentication credentials from AWS config/credentials files.

Synopsis

Documentation

fromFilePath Source #

Arguments

:: forall m (withAuth :: Type -> Type). (MonadIO m, Foldable withAuth) 
=> Text

Profile name

-> FilePath

Credentials file

-> FilePath

Config file

-> Env' withAuth 
-> m Env 

Retrieve credentials from the AWS config/credentials files, as Amazonka currently understands them:

  • AWS recommends credentials do not live in the config file, but allows it. You should instead define them in the credentials file.
  • You can set role_arn together with either source_profile, credential_source , or web_identity_token_file. Unlike the standard SDK we only support role_session_name for web_identity_token_file and not the other AssumeRole methods. This might be fixed in the future.
  • If you set role_arn and source_profile, the source profile's credentials will be used to assume the role.
  • If you set role_arn and credential_source, the credentials are retrieved from the specified source. The source can be one of Environment, Ec2InstanceMetadata, or EcsContainer.
  • If you set role_arn and web_identity_token_file, the OIDC token in the file will be used to assume the role. You can also set role_session_name to specify the name of the session.
  • You can finally also configure assuming a role using AWS Identity Center (Formerly AWS SSO) by setting sso_start_url, sso_region, sso_account_id, and sso_role_name in your profile section. Amazonka currently does not initiate the SSO login flow, so you will have to do that yourself using the AWS CLI. Amazonka will then look in ~/.aws/sso/cache for a cached token.
  • We currently only support Legacy SSO profiles and do not support setting common SSO settings in a [sso-session name] section or support token refresh. So use the following guide to set up your AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-legacy.html
  • Sections in the config file start should either be named [default] or [profile foo]. Unprefixed [foo] currently "happens to work" but is not officially supported, to match the observed behaviour of the AWS SDK/CLI.
  • Sections in the credentials file are always unprefixed - [default] or [foo].

See: the ConfigProfile type, to understand the methods Amazonka currently supports.

mergeConfigs Source #

Arguments

:: HashMap Text [(Text, Text)]

Credentials

-> HashMap Text [(Text, Text)]

Config

-> HashMap Text (HashMap Text Text) 

data ConfigProfile Source #

Constructors

ExplicitKeys AuthEnv

Recognizes aws_access_key_id, aws_secret_access_key, and optionally aws_session_token.

AssumeRoleFromProfile Text Text

Recognizes role_arn and source_profile.

AssumeRoleFromCredentialSource Text CredentialSource

Recognizes role_arn and credential_source.

AssumeRoleWithWebIdentity Text (Maybe Text) FilePath

Recognizes role_arn, role_session_name, and web_identity_token_file.

AssumeRoleViaSSO Text Region Text Text

Recognizes sso_start_url, sso_region, sso_account_id, and sso_role_name.

Instances

Instances details
Generic ConfigProfile Source # 
Instance details

Defined in Amazonka.Auth.ConfigFile

Associated Types

type Rep ConfigProfile 
Instance details

Defined in Amazonka.Auth.ConfigFile

type Rep ConfigProfile = D1 ('MetaData "ConfigProfile" "Amazonka.Auth.ConfigFile" "amazonka-2.0-2bCDfcageaLEnU0WAFn9CF" 'False) ((C1 ('MetaCons "ExplicitKeys" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 AuthEnv)) :+: C1 ('MetaCons "AssumeRoleFromProfile" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) :+: (C1 ('MetaCons "AssumeRoleFromCredentialSource" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 CredentialSource)) :+: (C1 ('MetaCons "AssumeRoleWithWebIdentity" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 FilePath))) :+: C1 ('MetaCons "AssumeRoleViaSSO" 'PrefixI 'False) ((S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Region)) :*: (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))))
Show ConfigProfile Source # 
Instance details

Defined in Amazonka.Auth.ConfigFile

Eq ConfigProfile Source # 
Instance details

Defined in Amazonka.Auth.ConfigFile

type Rep ConfigProfile Source # 
Instance details

Defined in Amazonka.Auth.ConfigFile

type Rep ConfigProfile = D1 ('MetaData "ConfigProfile" "Amazonka.Auth.ConfigFile" "amazonka-2.0-2bCDfcageaLEnU0WAFn9CF" 'False) ((C1 ('MetaCons "ExplicitKeys" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 AuthEnv)) :+: C1 ('MetaCons "AssumeRoleFromProfile" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) :+: (C1 ('MetaCons "AssumeRoleFromCredentialSource" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 CredentialSource)) :+: (C1 ('MetaCons "AssumeRoleWithWebIdentity" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 FilePath))) :+: C1 ('MetaCons "AssumeRoleViaSSO" 'PrefixI 'False) ((S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Region)) :*: (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))))

data CredentialSource Source #

Instances

Instances details
Generic CredentialSource Source # 
Instance details

Defined in Amazonka.Auth.ConfigFile

Associated Types

type Rep CredentialSource 
Instance details

Defined in Amazonka.Auth.ConfigFile

type Rep CredentialSource = D1 ('MetaData "CredentialSource" "Amazonka.Auth.ConfigFile" "amazonka-2.0-2bCDfcageaLEnU0WAFn9CF" 'False) (C1 ('MetaCons "Environment" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Ec2InstanceMetadata" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "EcsContainer" 'PrefixI 'False) (U1 :: Type -> Type)))
Show CredentialSource Source # 
Instance details

Defined in Amazonka.Auth.ConfigFile

Eq CredentialSource Source # 
Instance details

Defined in Amazonka.Auth.ConfigFile

type Rep CredentialSource Source # 
Instance details

Defined in Amazonka.Auth.ConfigFile

type Rep CredentialSource = D1 ('MetaData "CredentialSource" "Amazonka.Auth.ConfigFile" "amazonka-2.0-2bCDfcageaLEnU0WAFn9CF" 'False) (C1 ('MetaCons "Environment" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Ec2InstanceMetadata" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "EcsContainer" 'PrefixI 'False) (U1 :: Type -> Type)))

fromFileEnv :: forall m (withAuth :: Type -> Type). (MonadIO m, Foldable withAuth) => Env' withAuth -> m Env Source #

Loads the default config/credentials INI files and selects a profile by environment variable (AWS_PROFILE).

Throws MissingFileError if credFile is missing, or InvalidFileError if an error occurs during parsing.

If AWS_SHARED_CREDENTIALS_FILE is set, it will be used instead of looking for .aws/credentials in the HOME directory If AWS_CONFIG_FILE is set, it will be used instead of looking for .aws/config in the HOME directory. If AWS_PROFILE is set, it will be used instead of the default profile

This looks in in the HOME directory as determined by the directory library.

  • Not Windows: $HOME/.aws/credentials
  • Windows: %USERPROFILE%\.aws\credentials