The environment configuration capability provides access to AWS SDK configuration values from environment variables.
The EnvConfig type contains configuration values read from environment variables. All environment values are optional, but some values such as credentials require multiple values to be complete or they will be ignored.
type EnvConfig struct {
Credentials aws.Credentials
ContainerCredentialsEndpoint string
ContainerCredentialsRelativePath string
ContainerAuthorizationToken string
Region string
SharedConfigProfile string
SharedCredentialsFile string
SharedConfigFile string
CustomCABundle string
EnableEndpointDiscovery aws.EndpointDiscoveryEnableState
WebIdentityTokenFilePath string
RoleARN string
RoleSessionName string
S3UseARNRegion *bool
EC2IMDSClientEnableState imds.ClientEnableState
EC2IMDSv1Disabled *bool
EC2IMDSEndpointMode imds.EndpointModeState
EC2IMDSEndpoint string
S3DisableMultiRegionAccessPoints *bool
UseDualStackEndpoint aws.DualStackEndpointState
UseFIPSEndpoint aws.FIPSEndpointState
DefaultsMode aws.DefaultsMode
RetryMaxAttempts int
RetryMode aws.RetryMode
AppID string
IgnoreConfiguredEndpoints *bool
BaseEndpoint string
DisableRequestCompression *bool
RequestMinCompressSizeBytes *int64
S3DisableExpressAuth *bool
AccountIDEndpointMode aws.AccountIDEndpointMode
}
func NewEnvConfig() (EnvConfig, error)Static credentials from environment variables:
AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY - Access key IDAWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY - Secret access keyAWS_SESSION_TOKEN - Session token (optional)ContainerCredentialsEndpoint - HTTP endpoint to retrieve credentials using the endpointcreds.ProviderContainerCredentialsRelativePath - Relative URI path for container endpointContainerAuthorizationToken - Authorization token for HTTP Authorization headerRegion - AWS region from AWS_REGION or AWS_DEFAULT_REGIONSharedConfigProfile - Profile name from AWS_PROFILE or AWS_DEFAULT_PROFILESharedCredentialsFile - Custom credentials file path from AWS_SHARED_CREDENTIALS_FILESharedConfigFile - Custom config file path from AWS_CONFIG_FILECustomCABundle - Custom CA Bundle path from AWS_CA_BUNDLEWebIdentityTokenFilePath - Web identity token file from AWS_WEB_IDENTITY_TOKEN_FILERoleARN - IAM role ARN from AWS_ROLE_ARNRoleSessionName - IAM role session name from AWS_ROLE_SESSION_NAMES3UseARNRegion - Allow S3 ARNs to direct region from AWS_S3_USE_ARN_REGIONS3DisableMultiRegionAccessPoints - Disable S3 multi-region access points from AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTSS3DisableExpressAuth - Disable S3 Express authEC2IMDSClientEnableState - Enable/disable EC2 IMDS from AWS_EC2_METADATA_DISABLEDEC2IMDSv1Disabled - Disable IMDSv1 fallback from AWS_EC2_METADATA_V1_DISABLEDEC2IMDSEndpointMode - IMDS endpoint mode (IPv4/IPv6) from AWS_EC2_METADATA_SERVICE_ENDPOINT_MODEEC2IMDSEndpoint - IMDS endpoint URL from AWS_EC2_METADATA_SERVICE_ENDPOINTEnableEndpointDiscovery - Enable endpoint discovery from AWS_ENABLE_ENDPOINT_DISCOVERYUseDualStackEndpoint - Use dual-stack endpoints from AWS_USE_DUALSTACK_ENDPOINTUseFIPSEndpoint - Use FIPS endpoints from AWS_USE_FIPS_ENDPOINTIgnoreConfiguredEndpoints - Disable configured endpointsBaseEndpoint - Base endpoint URLDefaultsMode - SDK defaults mode from AWS_DEFAULTS_MODERetryMaxAttempts - Max retry attempts from AWS_MAX_ATTEMPTSRetryMode - Retry mode from AWS_RETRY_MODEAppID - SDK app ID for user agentDisableRequestCompression - Disable request compression from AWS_DISABLE_REQUEST_COMPRESSIONRequestMinCompressSizeBytes - Min size for compression from AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTESAccountIDEndpointMode - Account ID endpoint modefunc (c EnvConfig) GetEC2IMDSClientEnableState() (imds.ClientEnableState, bool, error)
func (c EnvConfig) GetEC2IMDSEndpoint() (string, bool, error)
func (c EnvConfig) GetEC2IMDSEndpointMode() (imds.EndpointModeState, bool, error)
func (c EnvConfig) GetEC2IMDSV1FallbackDisabled() (bool, bool)
func (c EnvConfig) GetEnableEndpointDiscovery(ctx context.Context) (value aws.EndpointDiscoveryEnableState, found bool, err error)
func (c EnvConfig) GetIgnoreConfiguredEndpoints(context.Context) (bool, bool, error)
func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error)
func (c EnvConfig) GetRetryMode(ctx context.Context) (aws.RetryMode, bool, error)
func (c EnvConfig) GetS3DisableExpressAuth() (value, ok bool)
func (c EnvConfig) GetS3DisableMultiRegionAccessPoints(ctx context.Context) (value, ok bool, err error)
func (c EnvConfig) GetS3UseARNRegion(ctx context.Context) (value, ok bool, err error)
func (c EnvConfig) GetServiceBaseEndpoint(ctx context.Context, sdkID string) (string, bool, error)
func (c EnvConfig) GetUseDualStackEndpoint(ctx context.Context) (value aws.DualStackEndpointState, found bool, err error)
func (c EnvConfig) GetUseFIPSEndpoint(ctx context.Context) (value aws.FIPSEndpointState, found bool, err error)package main
import (
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/config"
)
func main() {
envConfig, err := config.NewEnvConfig()
if err != nil {
log.Fatalf("unable to load environment config, %v", err)
}
fmt.Printf("Region from environment: %s\n", envConfig.Region)
fmt.Printf("Profile from environment: %s\n", envConfig.SharedConfigProfile)
}import (
"context"
)
envConfig, err := config.NewEnvConfig()
if err != nil {
log.Fatal(err)
}
// Check if retry max attempts is set
if maxAttempts, found, err := envConfig.GetRetryMaxAttempts(context.TODO()); found && err == nil {
fmt.Printf("Max retry attempts: %d\n", maxAttempts)
}
// Check if S3 ARN region is enabled
if useARNRegion, found, err := envConfig.GetS3UseARNRegion(context.TODO()); found && err == nil {
fmt.Printf("S3 Use ARN Region: %v\n", useARNRegion)
}| Environment Variable | EnvConfig Field | Description |
|---|---|---|
AWS_ACCESS_KEY_ID | Credentials.AccessKeyID | AWS access key ID |
AWS_SECRET_ACCESS_KEY | Credentials.SecretAccessKey | AWS secret access key |
AWS_SESSION_TOKEN | Credentials.SessionToken | AWS session token |
AWS_REGION | Region | AWS region |
AWS_DEFAULT_REGION | Region | AWS region (fallback) |
AWS_PROFILE | SharedConfigProfile | Shared config profile name |
AWS_DEFAULT_PROFILE | SharedConfigProfile | Profile name (fallback) |
AWS_SHARED_CREDENTIALS_FILE | SharedCredentialsFile | Custom credentials file path |
AWS_CONFIG_FILE | SharedConfigFile | Custom config file path |
AWS_CA_BUNDLE | CustomCABundle | Custom CA bundle path |
AWS_ENABLE_ENDPOINT_DISCOVERY | EnableEndpointDiscovery | Enable endpoint discovery |
AWS_WEB_IDENTITY_TOKEN_FILE | WebIdentityTokenFilePath | Web identity token file |
AWS_ROLE_ARN | RoleARN | IAM role ARN |
AWS_ROLE_SESSION_NAME | RoleSessionName | IAM role session name |
AWS_S3_USE_ARN_REGION | S3UseARNRegion | Allow S3 ARNs to direct region |
AWS_EC2_METADATA_DISABLED | EC2IMDSClientEnableState | Disable EC2 IMDS |
AWS_EC2_METADATA_V1_DISABLED | EC2IMDSv1Disabled | Disable IMDSv1 fallback |
AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE | EC2IMDSEndpointMode | IMDS endpoint mode |
AWS_EC2_METADATA_SERVICE_ENDPOINT | EC2IMDSEndpoint | IMDS endpoint URL |
AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS | S3DisableMultiRegionAccessPoints | Disable S3 multi-region access points |
AWS_USE_DUALSTACK_ENDPOINT | UseDualStackEndpoint | Use dual-stack endpoints |
AWS_USE_FIPS_ENDPOINT | UseFIPSEndpoint | Use FIPS endpoints |
AWS_DEFAULTS_MODE | DefaultsMode | SDK defaults mode |
AWS_MAX_ATTEMPTS | RetryMaxAttempts | Max retry attempts |
AWS_RETRY_MODE | RetryMode | Retry mode |
AWS_DISABLE_REQUEST_COMPRESSION | DisableRequestCompression | Disable request compression |
AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES | RequestMinCompressSizeBytes | Min compression size |
const CredentialsSourceName = "EnvConfigCredentials"Provides the name of the provider when config is loaded from environment.