Documentation
¶
Overview ¶
Package awscfg holds the AWS connection settings shared by every component that reaches AWS. The Configuration struct is the operator-facing `aws:` object: the s3 state backend nests it beside its own fields, and other AWS-backed components compose the same struct so the option names and credential behavior stay identical everywhere. Load turns a Configuration into an aws.Config through the SDK's default credential chain.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Load ¶
Load builds an aws.Config from c through the SDK's default credential chain. A nil c uses the chain with no overrides. When an object-store endpoint override is set, request and response checksums relax to when-required, since stores outside AWS commonly reject the data-integrity headers.
Types ¶
type AssumeRole ¶
type AssumeRole struct {
RoleArn cfg.String
RoleSessionName *cfg.String
ExternalId *cfg.String
DurationSeconds *cfg.Integer
Policy *cfg.String
PolicyArns *cfg.List[cfg.String]
SourceIdentity *cfg.String
Tags *cfg.Map[cfg.String]
TransitiveTagKeys *cfg.List[cfg.String]
}
AssumeRole assumes an IAM role using the chain's credentials as the source identity.
type AssumeRoleWithWebIdentity ¶
type AssumeRoleWithWebIdentity struct {
RoleArn cfg.String
WebIdentityTokenFile cfg.String
RoleSessionName *cfg.String
DurationSeconds *cfg.Integer
Policy *cfg.String
PolicyArns *cfg.List[cfg.String]
}
AssumeRoleWithWebIdentity assumes an IAM role with an OIDC token read from a file. The token is always file-sourced; a literal token in static configuration would be expired by definition.
type Configuration ¶
type Configuration struct {
Region *cfg.String
Profile *cfg.String
EndpointURL *cfg.String
Endpoints *Endpoints
MaxAttempts *cfg.Integer
RetryMode *cfg.String
CustomCABundle *cfg.String
HTTPProxy *cfg.String
HTTPSProxy *cfg.String
NoProxy *cfg.String
AssumeRole *AssumeRole
AssumeRoleWithWebIdentity *AssumeRoleWithWebIdentity
}
Configuration selects how a component reaches AWS. Every field is optional; an empty or nil Configuration means the SDK's default chain alone: env credentials, shared config and credentials files, SSO, web identity, container credentials, then IMDS. Static credential fields are deliberately absent; credentials enter through the chain, a profile, or role assumption.
func (*Configuration) KMSEndpoint ¶
func (c *Configuration) KMSEndpoint() string
KMSEndpoint returns the endpoint override a KMS client should use: endpoints.kms when set, else endpoint-url, else empty.
func (*Configuration) S3Endpoint ¶
func (c *Configuration) S3Endpoint() string
S3Endpoint returns the endpoint override an S3 client should use: endpoints.s3 when set, else endpoint-url, else empty.
func (*Configuration) STSEndpoint ¶
func (c *Configuration) STSEndpoint() string
STSEndpoint returns the endpoint override an STS client should use: endpoints.sts when set, else endpoint-url, else empty.
Source Files