or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

advanced-configuration.mdconfiguration-loading.mdenvironment-configuration.mdindex.mdload-options.mdregion-configuration.mdshared-config-advanced.mdshared-config.md
tile.json

shared-config.mddocs/

Shared Configuration Files

The shared configuration files capability provides access to default file paths and manages AWS shared configuration and credentials files.

Overview

AWS SDK for Go v2 loads configuration from shared configuration files located at standard paths. The config package provides functions to retrieve these default paths and variables containing the file lists.

API

File Path Functions

func DefaultSharedConfigFilename() string

func DefaultSharedCredentialsFilename() string

DefaultSharedConfigFilename returns the SDK's default file path for the shared config file based on the OS platform:

  • Linux/Unix: $HOME/.aws/config
  • Windows: %USERPROFILE%\.aws\config

DefaultSharedCredentialsFilename returns the SDK's default file path for the shared credentials file based on the OS platform:

  • Linux/Unix: $HOME/.aws/credentials
  • Windows: %USERPROFILE%\.aws\credentials

Variables

var DefaultSharedConfigFiles = []string{
    DefaultSharedConfigFilename(),
}

var DefaultSharedCredentialsFiles = []string{
    DefaultSharedCredentialsFilename(),
}

DefaultSharedConfigFiles is a slice of the default shared config files that will be used to load the SharedConfig.

DefaultSharedCredentialsFiles is a slice of the default shared credentials files that will be used to load the SharedConfig.

Constants

const DefaultSharedConfigProfile = "default"

DefaultSharedConfigProfile is the default profile to be used when loading configuration from the config files if another profile name is not provided.

Usage

Getting Default File Paths

package main

import (
    "fmt"
    "github.com/aws/aws-sdk-go-v2/config"
)

func main() {
    configPath := config.DefaultSharedConfigFilename()
    credentialsPath := config.DefaultSharedCredentialsFilename()

    fmt.Printf("Default config file: %s\n", configPath)
    fmt.Printf("Default credentials file: %s\n", credentialsPath)
}

Using Custom Config Files

import (
    "context"
)

// Load config from custom files
customConfigFiles := []string{
    "/etc/aws/config",
    "/home/user/custom-aws-config",
}

customCredsFiles := []string{
    "/etc/aws/credentials",
    "/home/user/custom-aws-credentials",
}

cfg, err := config.LoadDefaultConfig(
    context.TODO(),
    config.WithSharedConfigFiles(customConfigFiles),
    config.WithSharedCredentialsFiles(customCredsFiles),
)
if err != nil {
    log.Fatal(err)
}

Using Non-Default Profile

import (
    "context"
)

// Load config using a specific profile
cfg, err := config.LoadDefaultConfig(
    context.TODO(),
    config.WithSharedConfigProfile("production"),
)
if err != nil {
    log.Fatal(err)
}

Shared Configuration File Format

The shared configuration file (~/.aws/config) uses INI format with sections for profiles:

[default]
region = us-east-1
output = json

[profile production]
region = us-west-2
output = json
role_arn = arn:aws:iam::123456789012:role/ProductionRole
source_profile = default

[profile development]
region = eu-west-1
output = json

Important: Non-default profiles must be prefixed with profile in the config file.

Shared Credentials File Format

The shared credentials file (~/.aws/credentials) uses INI format without the profile prefix:

[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[production]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

[development]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Important: Profile names in the credentials file should NOT include the profile prefix.

Precedence Rules

When duplicate profiles are provided:

  1. Within the same file: Later definitions override earlier ones
  2. Across credentials and config files: Properties in the credentials file take precedence over the config file
  3. If duplicate profiles exist across multiple shared config files: Later files override properties from earlier files

Profile Configuration Options

Profiles can include various configuration options:

Credentials

  • aws_access_key_id - AWS access key ID
  • aws_secret_access_key - AWS secret access key
  • aws_session_token - AWS session token

Region and Output

  • region - AWS region
  • output - Output format (json, text, table)

Assume Role

  • role_arn - ARN of the role to assume
  • source_profile - Profile to use for credentials
  • external_id - External ID for assume role
  • mfa_serial - MFA device serial number
  • role_session_name - Session name for the assumed role
  • duration_seconds - Session duration in seconds

SSO Configuration

  • sso_session - SSO session name
  • sso_account_id - AWS account ID
  • sso_role_name - SSO role name
  • sso_region - SSO region
  • sso_start_url - SSO start URL

Advanced Options

  • credential_process - External credential process command
  • web_identity_token_file - Web identity token file path
  • s3_use_arn_region - Allow S3 ARNs to direct region
  • s3_disable_multiregion_access_points - Disable S3 multi-region access points
  • endpoint_discovery_enabled - Enable endpoint discovery
  • ec2_metadata_service_endpoint_mode - EC2 IMDS endpoint mode
  • ec2_metadata_service_endpoint - EC2 IMDS endpoint
  • ec2_metadata_v1_disabled - Disable EC2 IMDSv1
  • use_dualstack_endpoint - Use dual-stack endpoints
  • use_fips_endpoint - Use FIPS endpoints
  • defaults_mode - SDK defaults mode
  • max_attempts - Maximum retry attempts
  • retry_mode - Retry mode
  • ca_bundle - Custom CA bundle path
  • sdk_ua_app_id - SDK app ID