Package ec2rolecreds provides the credentials provider implementation for retrieving AWS credentials from Amazon EC2 Instance Roles via Amazon EC2 IMDS.
Concurrency and caching ¶The Provider is not safe to be used concurrently, and does not provide any caching of credentials retrieved. You should wrap the Provider with a `aws.CredentialsCache` to provide concurrency safety, and caching of credentials.
Loading credentials with the SDK's AWS Config ¶The EC2 Instance role credentials provider will automatically be the resolved credential provider in the credential chain if no other credential provider is resolved first.
To explicitly instruct the SDK's credentials resolving to use the EC2 Instance role for credentials, you specify a `credentials_source` property in the config profile the SDK will load.
[default] credential_source = Ec2InstanceMetadataLoading credentials with the Provider directly ¶
Another way to use the EC2 Instance role credentials provider is to create it directly and assign it as the credentials provider for an API client.
The following example creates a credentials provider for a command, and wraps it with the CredentialsCache before assigning the provider to the Amazon S3 API client's Credentials option.
provider := imds.New(imds.Options{})
// Create the service client value configured for credentials.
svc := s3.New(s3.Options{
Credentials: aws.NewCredentialsCache(provider),
})
If you need more control, you can set the configuration options on the credentials provider using the imds.Options type to configure the EC2 IMDS API Client and ExpiryWindow of the retrieved credentials.
provider := imds.New(imds.Options{
// See imds.Options type's documentation for more options available.
Client: imds.New(Options{
HTTPClient: customHTTPClient,
}),
// Modify how soon credentials expire prior to their original expiry time.
ExpiryWindow: 5 * time.Minute,
})
EC2 IMDS API Client ¶
See the github.com/aws/aws-sdk-go-v2/feature/ec2/imds module for more details on configuring the client, and options available.
ProviderName provides a name of EC2Role provider
This section is empty.
This section is empty.
GetMetadataAPIClient provides the interface for an EC2 IMDS API client for the GetMetadata operation.
Options is a list of user settable options for setting the behavior of the Provider.
A Provider retrieves credentials from the EC2 service, and keeps track if those credentials are expired.
The New function must be used to create the with a custom EC2 IMDS client.
p := &ec2rolecreds.New(func(o *ec2rolecreds.Options{
o.Client = imds.New(imds.Options{/* custom options */})
})
New returns an initialized Provider value configured to retrieve credentials from EC2 Instance Metadata service.
AdjustExpiresBy will adds the passed in duration to the passed in credential's Expires time, unless the time until Expires is less than 15 minutes. Returns the credentials, even if not updated.
func (*Provider) HandleFailToRefresh ¶ added in v1.11.0HandleFailToRefresh will extend the credentials Expires time if it it is expired. If the credentials will not expire within the minimum time, they will be returned.
If the credentials cannot expire, the original error will be returned.
ProviderSources returns the credential chain that was used to construct this provider
Retrieve retrieves credentials from the EC2 service. Error will be returned if the request fails, or unable to extract the desired credentials.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4