or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

advanced-configuration.mdconfiguration-loading.mdenvironment-configuration.mdindex.mdload-options.mdregion-configuration.mdshared-config-advanced.mdshared-config.md
tile.json

shared-config-advanced.mddocs/

Advanced Shared Configuration

Advanced shared configuration capabilities for directly loading and working with AWS shared configuration file structures.

Overview

The config package provides low-level access to AWS shared configuration through the SharedConfig type and related functions. These are typically used for advanced scenarios where direct access to configuration file structures is needed.

API

LoadSharedConfigProfile

func LoadSharedConfigProfile(ctx context.Context, profile string, optFns ...func(*LoadSharedConfigOptions)) (SharedConfig, error)

Retrieves configuration from the list of files using the specified profile. The order of files determines precedence - values in subsequent files will overwrite values defined in earlier files.

Parameters:

  • ctx - Context for the operation
  • profile - Profile name to load
  • optFns - Optional configuration functions

Returns:

  • SharedConfig - Loaded shared configuration
  • error - Error if loading fails

SharedConfig Type

type SharedConfig struct {
    Profile                          string
    Credentials                      aws.Credentials
    CredentialSource                 string
    CredentialProcess                string
    WebIdentityTokenFile             string
    SSOSessionName                   string
    SSOSession                       *SSOSession
    SSORegion                        string
    SSOStartURL                      string
    SSOAccountID                     string
    SSORoleName                      string
    RoleARN                          string
    ExternalID                       string
    MFASerial                        string
    RoleSessionName                  string
    RoleDurationSeconds              *time.Duration
    SourceProfileName                string
    Source                           *SharedConfig
    Region                           string
    EnableEndpointDiscovery          aws.EndpointDiscoveryEnableState
    S3UseARNRegion                   *bool
    EC2IMDSEndpointMode              imds.EndpointModeState
    EC2IMDSEndpoint                  string
    EC2IMDSv1Disabled                *bool
    S3DisableMultiRegionAccessPoints *bool
    UseDualStackEndpoint             aws.DualStackEndpointState
    UseFIPSEndpoint                  aws.FIPSEndpointState
    DefaultsMode                     aws.DefaultsMode
    RetryMaxAttempts                 int
    RetryMode                        aws.RetryMode
    CustomCABundle                   string
    AppID                            string
    Services                         Services
    IgnoreConfiguredEndpoints        *bool
    BaseEndpoint                     string
    DisableRequestCompression        *bool
    RequestMinCompressSizeBytes      *int64
    S3DisableExpressAuth             *bool
    AccountID                        string
    AccountIDEndpointMode            aws.AccountIDEndpointMode
}

SharedConfig Methods:

func (c SharedConfig) GetEC2IMDSEndpoint() (string, bool, error)

func (c SharedConfig) GetEC2IMDSEndpointMode() (imds.EndpointModeState, bool, error)

func (c SharedConfig) GetEC2IMDSV1FallbackDisabled() (bool, bool)

func (c SharedConfig) GetEnableEndpointDiscovery(ctx context.Context) (value aws.EndpointDiscoveryEnableState, found bool, err error)

func (c SharedConfig) GetIgnoreConfiguredEndpoints(ctx context.Context) (bool, bool, error)

func (c SharedConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error)

func (c SharedConfig) GetRetryMode(ctx context.Context) (aws.RetryMode, bool, error)

func (c SharedConfig) GetS3DisableExpressAuth() (value, ok bool)

func (c SharedConfig) GetS3DisableMultiRegionAccessPoints(ctx context.Context) (value, ok bool, err error)

func (c SharedConfig) GetS3UseARNRegion(ctx context.Context) (value, ok bool, err error)

func (c SharedConfig) GetServiceBaseEndpoint(ctx context.Context, sdkID string) (string, bool, error)

func (c SharedConfig) GetUseDualStackEndpoint(ctx context.Context) (value aws.DualStackEndpointState, found bool, err error)

func (c SharedConfig) GetUseFIPSEndpoint(ctx context.Context) (value aws.FIPSEndpointState, found bool, err error)

LoadSharedConfigOptions

type LoadSharedConfigOptions struct {
    // CredentialsFiles are the shared credentials files
    CredentialsFiles []string

    // ConfigFiles are the shared config files
    ConfigFiles []string

    // Logger is the logger used to log shared config behavior
    Logger logging.Logger
}

Configuration options for loading shared configuration. Used with LoadSharedConfigProfile.

SSOSession

type SSOSession struct {
    Name        string
    SSORegion   string
    SSOStartURL string
}

SSO session configuration from shared config file. Provides the shared configuration parameters of the sso-session section.

Services

type Services struct {
    // Services section values
    // {"serviceId": {"key": "value"}}
    // e.g. {"s3": {"endpoint_url": "example.com"}}
    ServiceValues map[string]map[string]string
}

Service-specific configuration parameters from shared config file. Contains values configured in the services section of the AWS configuration file.

Error Types

SharedConfigLoadError

type SharedConfigLoadError struct {
    // Has unexported fields
}

func (e SharedConfigLoadError) Error() string

func (e SharedConfigLoadError) Unwrap() error

Error returned when shared configuration fails to load.

SharedConfigAssumeRoleError

type SharedConfigAssumeRoleError struct {
    // Has unexported fields
}

func (e SharedConfigAssumeRoleError) Error() string

func (e SharedConfigAssumeRoleError) Unwrap() error

Error returned when assume role configuration is invalid.

SharedConfigProfileNotExistError

type SharedConfigProfileNotExistError struct {
    // Has unexported fields
}

func (e SharedConfigProfileNotExistError) Error() string

func (e SharedConfigProfileNotExistError) Unwrap() error

Error returned when the specified profile does not exist in shared config files.

Usage Examples

Loading a Specific Profile

package main

import (
    "context"
    "fmt"
    "log"

    "github.com/aws/aws-sdk-go-v2/config"
)

func main() {
    sharedCfg, err := config.LoadSharedConfigProfile(
        context.TODO(),
        "production",
    )
    if err != nil {
        log.Fatal(err)
    }

    fmt.Printf("Profile: %s\n", sharedCfg.Profile)
    fmt.Printf("Region: %s\n", sharedCfg.Region)
    fmt.Printf("Role ARN: %s\n", sharedCfg.RoleARN)
}

Accessing Configuration Values

import (
    "context"
)

sharedCfg, err := config.LoadSharedConfigProfile(context.TODO(), "default")
if err != nil {
    log.Fatal(err)
}

// Check region
if sharedCfg.Region != "" {
    fmt.Printf("Region: %s\n", sharedCfg.Region)
}

// Check for assume role configuration
if sharedCfg.RoleARN != "" {
    fmt.Printf("Assume Role ARN: %s\n", sharedCfg.RoleARN)
    fmt.Printf("Source Profile: %s\n", sharedCfg.SourceProfileName)
    if sharedCfg.MFASerial != "" {
        fmt.Printf("MFA Required: %s\n", sharedCfg.MFASerial)
    }
}

// Check SSO configuration
if sharedCfg.SSOSessionName != "" {
    fmt.Printf("SSO Session: %s\n", sharedCfg.SSOSessionName)
}

Error Handling

sharedCfg, err := config.LoadSharedConfigProfile(context.TODO(), "nonexistent")
if err != nil {
    switch e := err.(type) {
    case config.SharedConfigProfileNotExistError:
        log.Printf("Profile does not exist: %v", e)
    case config.SharedConfigLoadError:
        log.Printf("Failed to load config: %v", e)
    case config.SharedConfigAssumeRoleError:
        log.Printf("Invalid assume role configuration: %v", e)
    default:
        log.Printf("Unknown error: %v", err)
    }
}

Checking Configuration Values

import (
    "context"
)

sharedCfg, err := config.LoadSharedConfigProfile(context.TODO(), "default")
if err != nil {
    log.Fatal(err)
}

// Use getter methods to check optional values
if retryMax, found, err := sharedCfg.GetRetryMaxAttempts(context.TODO()); found && err == nil {
    fmt.Printf("Retry max attempts: %d\n", retryMax)
}

if retryMode, found, err := sharedCfg.GetRetryMode(context.TODO()); found && err == nil {
    fmt.Printf("Retry mode: %s\n", retryMode)
}

if useARNRegion, found, err := sharedCfg.GetS3UseARNRegion(context.TODO()); found && err == nil {
    fmt.Printf("S3 Use ARN Region: %v\n", useARNRegion)
}

SharedConfig Fields

Credentials Fields

  • Profile - Profile name
  • Credentials - Static credentials (access key ID, secret access key, session token)
  • CredentialSource - Source of credentials (e.g., "Environment", "Ec2InstanceMetadata")
  • CredentialProcess - External credential process command

Assume Role Fields

  • RoleARN - ARN of the role to assume
  • SourceProfileName - Name of the source profile for assume role
  • Source - Source profile SharedConfig
  • ExternalID - External ID for assume role
  • MFASerial - MFA device serial number
  • RoleSessionName - Session name for assumed role
  • RoleDurationSeconds - Session duration

SSO Fields

  • SSOSessionName - SSO session name
  • SSOSession - SSO session configuration
  • SSORegion - SSO region (legacy)
  • SSOStartURL - SSO start URL (legacy)
  • SSOAccountID - AWS account ID for SSO
  • SSORoleName - SSO role name

Web Identity Fields

  • WebIdentityTokenFile - Path to web identity token file

Service Configuration

  • Region - AWS region
  • EnableEndpointDiscovery - Endpoint discovery state
  • DefaultsMode - SDK defaults mode
  • Services - Service-specific configuration

S3 Configuration

  • S3UseARNRegion - Allow S3 ARNs to direct region
  • S3DisableMultiRegionAccessPoints - Disable S3 multi-region access points
  • S3DisableExpressAuth - Disable S3 Express authentication

EC2 IMDS Configuration

  • EC2IMDSEndpointMode - IMDS endpoint mode (IPv4/IPv6)
  • EC2IMDSEndpoint - Custom IMDS endpoint
  • EC2IMDSv1Disabled - Disable IMDSv1 fallback

Endpoint Configuration

  • UseDualStackEndpoint - Use dual-stack endpoints
  • UseFIPSEndpoint - Use FIPS endpoints
  • IgnoreConfiguredEndpoints - Ignore configured endpoints
  • BaseEndpoint - Base endpoint URL

Retry Configuration

  • RetryMaxAttempts - Maximum retry attempts
  • RetryMode - Retry mode

Advanced Configuration

  • CustomCABundle - Custom CA bundle path
  • AppID - SDK app ID
  • DisableRequestCompression - Disable request compression
  • RequestMinCompressSizeBytes - Minimum compression size
  • AccountID - AWS account ID
  • AccountIDEndpointMode - Account ID endpoint mode

When to Use

Use LoadSharedConfigProfile and SharedConfig when you need:

  • Direct access to raw shared configuration values
  • To inspect configuration without initializing full AWS SDK configuration
  • To validate shared configuration files
  • To implement custom configuration loading logic

For normal SDK usage, prefer LoadDefaultConfig which handles configuration loading automatically.