package awscfg

import "github.com/cloudboss/unobin/pkg/awscfg"

Package awscfg holds the AWS connection settings shared by every component that reaches AWS. The Configuration struct is the operator-facing `aws:` object: the s3 state backend nests it beside its own fields, and other AWS-backed components compose the same struct so the option names and credential behavior stay identical everywhere. Load turns a Configuration into an aws.Config through the SDK's default credential chain.

Functions

func Load

func Load(ctx context.Context, c *Configuration) (aws.Config, error)

Load builds an aws.Config from c through the SDK's default credential chain. A nil c uses the chain with no overrides. When an object-store endpoint override is set, request and response checksums relax to when-required, since stores outside AWS commonly reject the data-integrity headers.

Types

type AssumeRole

type AssumeRole struct {
    RoleArn           cfg.String
    RoleSessionName   *cfg.String
    ExternalId        *cfg.String
    DurationSeconds   *cfg.Integer
    Policy            *cfg.String
    PolicyArns        *cfg.List[cfg.String]
    SourceIdentity    *cfg.String
    Tags              *cfg.Map[cfg.String]
    TransitiveTagKeys *cfg.List[cfg.String]
}

AssumeRole assumes an IAM role using the chain's credentials as the source identity.

type AssumeRoleWithWebIdentity

type AssumeRoleWithWebIdentity struct {
    RoleArn              cfg.String
    WebIdentityTokenFile cfg.String
    RoleSessionName      *cfg.String
    DurationSeconds      *cfg.Integer
    Policy               *cfg.String
    PolicyArns           *cfg.List[cfg.String]
}

AssumeRoleWithWebIdentity assumes an IAM role with an OIDC token read from a file. The token is always file-sourced; a literal token in static configuration would be expired by definition.

type Configuration

type Configuration struct {
    Region                    *cfg.String
    Profile                   *cfg.String
    EndpointURL               *cfg.String
    Endpoints                 *Endpoints
    MaxAttempts               *cfg.Integer
    RetryMode                 *cfg.String
    SharedConfigFiles         *cfg.List[cfg.String]
    SharedCredentialsFiles    *cfg.List[cfg.String]
    CustomCABundle            *cfg.String
    HTTPProxy                 *cfg.String
    HTTPSProxy                *cfg.String
    NoProxy                   *cfg.String
    AssumeRole                *AssumeRole
    AssumeRoleWithWebIdentity *AssumeRoleWithWebIdentity
}

Configuration selects how a component reaches AWS. Every field is optional; an empty or nil Configuration means the SDK's default chain alone: env credentials, shared config and credentials files, SSO, web identity, container credentials, then IMDS. Static credential fields are deliberately absent; credentials enter through the chain, a profile, or role assumption.

func (*Configuration) KMSEndpoint

func (c *Configuration) KMSEndpoint() string

KMSEndpoint returns the endpoint override a KMS client should use: endpoints.kms when set, else endpoint-url, else empty.

func (*Configuration) S3Endpoint

func (c *Configuration) S3Endpoint() string

S3Endpoint returns the endpoint override an S3 client should use: endpoints.s3 when set, else endpoint-url, else empty.

func (*Configuration) STSEndpoint

func (c *Configuration) STSEndpoint() string

STSEndpoint returns the endpoint override an STS client should use: endpoints.sts when set, else endpoint-url, else empty.

type Endpoints

type Endpoints struct {
    S3  *cfg.String
    STS *cfg.String
    KMS *cfg.String
}

Endpoints overrides the endpoint of one service at a time, for S3-compatible object stores and private STS or KMS endpoints. A service without an entry falls back to endpoint-url, then to the SDK's own resolution, including the AWS_ENDPOINT_URL_* env vars.
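
The fallback order described for S3Endpoint, KMSEndpoint and STSEndpoint can be modelled with the standard library alone to review which host each service's signed requests will reach. This is an added example, not code from the unobin project. `Overrides`, `Finding`, `Resolve` and `ChecksumsRelaxed` are hypothetical names; the mirror struct uses plain strings, only the `AWS_ENDPOINT_URL_<SVC>` part of the SDK's own resolution is modelled, and `ChecksumsRelaxed` assumes Load keys its when-required relaxation on the configured S3 override.

```go
package main
import (
	"fmt"
	"net/url"
	"strings"
)

// Overrides is a hypothetical plain-string mirror of the endpoint fields.
type Overrides struct {
	EndpointURL string            // endpoint-url
	PerService  map[string]string // endpoints.s3, endpoints.sts, endpoints.kms
}

// Finding records where one service's signed requests will go, and why.
type Finding struct {
	Service, Endpoint, Source string
	Plaintext                 bool // http:// endpoint: traffic is unencrypted
}

// Resolve applies the documented order: endpoints.<svc>, endpoint-url, then the SDK (env var only).
func Resolve(o Overrides, svc string, env map[string]string) Finding {
	f := Finding{Service: svc, Source: "sdk-default"}
	envKey := "AWS_ENDPOINT_URL_" + strings.ToUpper(svc)
	switch {
	case o.PerService[svc] != "":
		f.Endpoint, f.Source = o.PerService[svc], "endpoints."+svc
	case o.EndpointURL != "":
		f.Endpoint, f.Source = o.EndpointURL, "endpoint-url"
	case env[envKey] != "":
		f.Endpoint, f.Source = env[envKey], envKey
	}
	u, err := url.Parse(f.Endpoint)
	f.Plaintext = err == nil && u.Scheme == "http"
	return f
}

// ChecksumsRelaxed (assumption): true when the configured S3 override is non-empty.
func ChecksumsRelaxed(o Overrides) bool {
	return o.PerService["s3"] != "" || o.EndpointURL != ""
}

func main() {
	// Constructed sample values: an S3-compatible store, STS from the environment.
	o := Overrides{PerService: map[string]string{"s3": "http://minio.internal.example:9000"}}
	env := map[string]string{"AWS_ENDPOINT_URL_STS": "https://sts.vpce.example"}
	for _, svc := range []string{"s3", "sts", "kms"} {
		fmt.Printf("%+v\n", Resolve(o, svc, env))
	}
	fmt.Println("checksums relaxed:", ChecksumsRelaxed(o))
}
```

A `Plaintext` finding on `sts` or `kms` deserves attention first, since those endpoints handle role-assumption and key-management calls.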