Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	provisional
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.Auth.ConfigFile

Description

Retrieve authentication credentials from AWS config/credentials files.

Synopsis

fromFilePath :: forall m withAuth. (MonadIO m, Foldable withAuth) => Text -> FilePath -> FilePath -> Env' withAuth -> m Env
mergeConfigs :: HashMap Text [(Text, Text)] -> HashMap Text [(Text, Text)] -> HashMap Text (HashMap Text Text)
parseConfigProfile :: HashMap Text Text -> Maybe (ConfigProfile, Maybe Region)
data ConfigProfile
data CredentialSource
- = Environment
- | Ec2InstanceMetadata
- | EcsContainer
fromFileEnv :: (MonadIO m, Foldable withAuth) => Env' withAuth -> m Env
configPathRelative :: String -> IO String

Documentation

fromFilePath Source #

Arguments

:: forall m withAuth. (MonadIO m, Foldable withAuth)
=> Text	Profile name
-> FilePath	Credentials file
-> FilePath	Config file
-> Env' withAuth
-> m Env

Retrieve credentials from the AWS config/credentials files, as Amazonka currently understands them:

AWS recommends credentials do not live in the config file, but allows it.
Sections in the config file start should either be named [default] or [profile foo]. Unprefixed [foo] currently "happens to work" but is not officially supported, to match the observed behaviour of the AWS SDK/CLI.
Sections in the credentials file are always unprefixed - [default] or [foo].

See: the ConfigProfile type, to understand the methods Amazonka currently supports.

mergeConfigs Source #

Arguments

:: HashMap Text [(Text, Text)]	Credentials
-> HashMap Text [(Text, Text)]	Config
-> HashMap Text (HashMap Text Text)

parseConfigProfile :: HashMap Text Text -> Maybe (ConfigProfile, Maybe Region) Source #

data ConfigProfile Source #

Constructors

ExplicitKeys AuthEnv	Recognizes `aws_access_key_id`, `aws_secret_access_key`, and optionally `aws_session_token`.
AssumeRoleFromProfile Text Text	Recognizes `role_arn` and `source_profile`.
AssumeRoleFromCredentialSource Text CredentialSource	Recognizes `role_arn` and `credential_source`.
AssumeRoleWithWebIdentity Text (Maybe Text) FilePath	Recognizes `role_arn`, `role_session_name`, and `web_identity_token_file`.
AssumeRoleViaSSO Text Region Text Text	Recognizes `sso_start_url`, `sso_region`, `sso_account_id`, and `sso_role_name`.

Instances

Instances details

Generic ConfigProfile Source #
Instance details Defined in Amazonka.Auth.ConfigFile Associated Types type Rep ConfigProfile :: Type -> Type # Methods from :: ConfigProfile -> Rep ConfigProfile x # to :: Rep ConfigProfile x -> ConfigProfile #
Show ConfigProfile Source #
Instance details Defined in Amazonka.Auth.ConfigFile Methods showsPrec :: Int -> ConfigProfile -> ShowS # show :: ConfigProfile -> String # showList :: [ConfigProfile] -> ShowS #
Eq ConfigProfile Source #
Instance details Defined in Amazonka.Auth.ConfigFile Methods (==) :: ConfigProfile -> ConfigProfile -> Bool # (/=) :: ConfigProfile -> ConfigProfile -> Bool #
type Rep ConfigProfile Source #
Instance details Defined in Amazonka.Auth.ConfigFile type Rep ConfigProfile = D1 ('MetaData "ConfigProfile" "Amazonka.Auth.ConfigFile" "amazonka-2.0-48plDWnPMAk3PGO79vdSa0" 'False) ((C1 ('MetaCons "ExplicitKeys" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 AuthEnv)) :+: C1 ('MetaCons "AssumeRoleFromProfile" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) :+: (C1 ('MetaCons "AssumeRoleFromCredentialSource" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 CredentialSource)) :+: (C1 ('MetaCons "AssumeRoleWithWebIdentity" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 FilePath))) :+: C1 ('MetaCons "AssumeRoleViaSSO" 'PrefixI 'False) ((S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Region)) :: (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))))

data CredentialSource Source #

Constructors

Environment
Ec2InstanceMetadata
EcsContainer

Instances

Instances details

Generic CredentialSource Source #
Instance details Defined in Amazonka.Auth.ConfigFile Associated Types type Rep CredentialSource :: Type -> Type # Methods from :: CredentialSource -> Rep CredentialSource x # to :: Rep CredentialSource x -> CredentialSource #
Show CredentialSource Source #
Instance details Defined in Amazonka.Auth.ConfigFile Methods showsPrec :: Int -> CredentialSource -> ShowS # show :: CredentialSource -> String # showList :: [CredentialSource] -> ShowS #
Eq CredentialSource Source #
Instance details Defined in Amazonka.Auth.ConfigFile Methods (==) :: CredentialSource -> CredentialSource -> Bool # (/=) :: CredentialSource -> CredentialSource -> Bool #
type Rep CredentialSource Source #
Instance details Defined in Amazonka.Auth.ConfigFile type Rep CredentialSource = D1 ('MetaData "CredentialSource" "Amazonka.Auth.ConfigFile" "amazonka-2.0-48plDWnPMAk3PGO79vdSa0" 'False) (C1 ('MetaCons "Environment" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Ec2InstanceMetadata" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "EcsContainer" 'PrefixI 'False) (U1 :: Type -> Type)))

fromFileEnv :: (MonadIO m, Foldable withAuth) => Env' withAuth -> m Env Source #

Loads the default config/credentials INI files and selects a profile by environment variable (AWS_PROFILE).

Throws MissingFileError if credFile is missing, or InvalidFileError if an error occurs during parsing.

This looks in in the HOME directory as determined by the directory library.

Not Windows: $HOME/.aws/credentials
Windows: %USERPROFILE%\.aws\credentials

configPathRelative :: String -> IO String Source #