package awscfg
Package awscfg holds the AWS connection settings shared by every component that reaches AWS. The Configuration struct is the operator-facing `aws:` object: the s3 state backend nests it beside its own fields, and other AWS-backed components compose the same struct so the option names and credential behavior stay identical everywhere. Load turns a Configuration into an aws.Config through the SDK's default credential chain.
Functions
func Load
Load builds an aws.Config from c through the SDK's default credential chain. A nil c uses the chain with no overrides. When an object-store endpoint override is set, request and response checksums relax to when-required, since stores outside AWS commonly reject the data-integrity headers.
Types
type AssumeRole
type AssumeRole struct {
	RoleArn           string
	RoleSessionName   *string
	ExternalId        *string
	DurationSeconds   *int64
	Policy            *string
	PolicyArns        *[]string
	SourceIdentity    *string
	Tags              *map[string]string
	TransitiveTagKeys *[]string
}
AssumeRole assumes an IAM role using the chain's credentials as the source identity.
type AssumeRoleWithWebIdentity
type AssumeRoleWithWebIdentity struct {
	RoleArn              string
	WebIdentityTokenFile string
	RoleSessionName      *string
	DurationSeconds      *int64
	Policy               *string
	PolicyArns           *[]string
}
AssumeRoleWithWebIdentity assumes an IAM role with an OIDC token read from a file. The token is always file-sourced; a literal token in static configuration would be expired by definition.
type Configuration
type Configuration struct {
	Region                    *string
	Profile                   *string
	EndpointURL               *string
	Endpoints                 *Endpoints
	MaxAttempts               *int64
	RetryMode                 *string
	SharedConfigFiles         *[]string
	SharedCredentialsFiles    *[]string
	CustomCABundle            *string
	HTTPProxy                 *string
	HTTPSProxy                *string
	NoProxy                   *string
	AssumeRole                *AssumeRole
	AssumeRoleWithWebIdentity *AssumeRoleWithWebIdentity
}
Configuration selects how a component reaches AWS. Every field is optional; an empty or nil Configuration means the SDK's default chain alone: env credentials, shared config and credentials files, SSO, web identity, container credentials, then IMDS. Static credential fields are deliberately absent; credentials enter through the chain, a profile, or role assumption.
func (*Configuration) KMSEndpoint
KMSEndpoint returns the endpoint override a KMS client should use: endpoints.kms when set, else endpoint-url, else empty.
func (*Configuration) S3Endpoint
S3Endpoint returns the endpoint override an S3 client should use: endpoints.s3 when set, else endpoint-url, else empty.
func (*Configuration) STSEndpoint
STSEndpoint returns the endpoint override an STS client should use: endpoints.sts when set, else endpoint-url, else empty.
type Endpoints
Endpoints overrides the endpoint of one service at a time, for S3-compatible object stores and private STS or KMS endpoints. A service without an entry falls back to endpoint-url, then to the SDK's own resolution, including the AWS_ENDPOINT_URL_* env vars.
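The fallback order has a consequence worth checking in review: an endpoint-url set for an S3-compatible store also becomes the STS and KMS endpoint unless those services have their own entries. The sketch below is an added example, not the package's code; the local types, the S3/STS/KMS field names, the Audit helper and the sample URLs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// Local stand-ins; field names assumed from endpoints.s3 / .sts / .kms.
type Endpoints struct{ S3, STS, KMS *string }

type Configuration struct {
	EndpointURL *string
	Endpoints   *Endpoints
}

// resolve applies the documented order: per-service entry, then endpoint-url,
// then "" (the SDK's own resolution takes over). A nil c resolves to "".
func resolve(c *Configuration, pick func(*Endpoints) *string) string {
	if c != nil && c.Endpoints != nil && pick(c.Endpoints) != nil {
		return *pick(c.Endpoints)
	}
	if c != nil && c.EndpointURL != nil {
		return *c.EndpointURL
	}
	return ""
}

func S3Endpoint(c *Configuration) string  { return resolve(c, func(e *Endpoints) *string { return e.S3 }) }
func STSEndpoint(c *Configuration) string { return resolve(c, func(e *Endpoints) *string { return e.STS }) }
func KMSEndpoint(c *Configuration) string { return resolve(c, func(e *Endpoints) *string { return e.KMS }) }

// Audit flags each service whose resolved override is not an absolute https URL.
func Audit(c *Configuration) []string {
	var out []string
	for _, s := range [][2]string{{"s3", S3Endpoint(c)}, {"sts", STSEndpoint(c)}, {"kms", KMSEndpoint(c)}} {
		u, err := url.Parse(s[1])
		if s[1] != "" && (err != nil || u.Scheme != "https" || u.Host == "") {
			out = append(out, fmt.Sprintf("%s -> %q: not an absolute https URL", s[0], s[1]))
		}
	}
	return out
}

func main() {
	p := func(s string) *string { return &s }
	// Constructed sample: global endpoint-url for an object store, private STS entry.
	c := &Configuration{EndpointURL: p("http://objstore.internal:9000"), Endpoints: &Endpoints{STS: p("https://sts.internal.example")}}
	fmt.Println(S3Endpoint(c), STSEndpoint(c), KMSEndpoint(c), Audit(c))
}
```

In the sample, KMS inherits the plaintext object-store URL because only STS has its own entry, so Audit reports both s3 and kms.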