| Copyright | (c) 2013-2023 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | provisional |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Amazonka.Auth.InstanceProfile
Description
Retrieve authentication credentials from EC2 instance profiles.
Synopsis
- fromDefaultInstanceProfile :: MonadIO m => Env' withAuth -> m Env
- fromNamedInstanceProfile :: MonadIO m => Text -> Env' withAuth -> m Env
Documentation
fromDefaultInstanceProfile :: MonadIO m => Env' withAuth -> m Env Source #
Retrieve the default IAM Profile from the local EC2 instance-data.
The default IAM profile is determined by Amazon as the first profile found
in the response from:
http://169.254.169.254/latest/meta-data/iam/security-credentials/
Throws RetrievalError if the HTTP call fails, or InvalidIAMError if
the default IAM profile cannot be read.
fromNamedInstanceProfile :: MonadIO m => Text -> Env' withAuth -> m Env Source #
Lookup a specific IAM Profile by name from the local EC2 instance-data.
Additionally starts a refresh thread for the given authentication environment.
The resulting IORef wrapper + timer is designed so that multiple concurrent
accesses of AuthEnv from the AWS environment are not required to calculate
expiry and sequentially queue to update it.
The forked timer ensures a singular owner and pre-emptive refresh of the temporary session credentials before expiration.
A weak reference is used to ensure that the forked thread will eventually
terminate when Auth is no longer referenced.
If no session token or expiration time is present the credentials will be returned verbatim.