Documentation ¶
Overview ¶
Package credentials contains functionality for retrieving and manipulating AWS credentials.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FederateUser ¶
func FederateUser(creds *sts.Credentials, name, policy string, duration time.Duration, userAgent string) (*sts.Credentials, error)
FederateUser will federate the given user credentials by calling STS GetFederationToken. If the given credentials are not for a user (like credentials for a role) then they are returned unmodified.
func FromConfig ¶
func FromConfig(profile string) (*sts.Credentials, error)
FromConfig retrieves credentials from the AWS cli config files, typically ~/.aws/credentials and ~/.aws/config. Credentials for the named profile are returned, or the default profile if no name is given. Additionally, the value of $AWS_PROFILE will be used if it is set.
func FromReader ¶
func FromReader(reader io.Reader) (*sts.Credentials, error)
FromReader retrieves credentials from given io.Reader, typically os.Stdin. Expects JSON data in one of two possible formats. The first is returned by several STS operations (assume-role/get-session-token/etc) and looks like:
{ "AssumedRoleUser": {...}, "Credentials": { "AccessKeyId": "...", "SecretAccessKey": "...", "SessionToken": "..." "Expiration": "...", } }
The second is returned by various AWS cli credential exec plugins, and looks like:
{ "AccessKeyId": "...", "SecretAccessKey": "...", "SessionToken": "...", "Expiration": "...", "Version": 1 }
See https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html#output. See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html.
Types ¶
This section is empty.