Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | provisional |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Amazonka.Auth.Container
Description
Fetch credentials from a metadata service when running in an ECS Container.
Synopsis
- fromContainer :: MonadIO m => Text -> Env' withAuth -> m Env
- fromContainerEnv :: MonadIO m => Env' withAuth -> m Env
Documentation
Obtain credentials exposed to a task via the ECS container agent, as described in the IAM Roles for Tasks section of the AWS ECS documentation. The credentials are obtained by making a request to the given URL.
The ECS container agent provides an access key, secret key, session token, and expiration time. As these are temporary credentials, this function also starts a refresh thread that will periodically fetch fresh credentials before the current ones expire.
fromContainerEnv :: MonadIO m => Env' withAuth -> m Env
Obtain credentials from the ECS container agent by querying http://169.254.170.2 at the path contained in the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
Throws MissingEnvError if the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is not set, or InvalidIAMError if the payload returned by the ECS container agent is not of the expected format.
NOTE: We do not currently respect the AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_AUTHORIZATION_TOKEN environment variables. If you need support for these, please file a PR.
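The following is an added example, not code from Amazonka itself: a caller that checks the two credential variables named above before calling fromContainerEnv, then handles the two documented errors separately. It assumes amazonka 2.0's `newEnv` and `AuthError` type, which are not shown on this page; `Preflight` and `preflight` are hypothetical helpers.

```haskell
{-# LANGUAGE LambdaCase #-}
module Main (main) where

import qualified Amazonka
import Amazonka.Auth (AuthError (..))
import Amazonka.Auth.Container (fromContainerEnv)
import Control.Exception (try)
import System.Environment (lookupEnv)
import System.Exit (die)

-- | What the environment alone says about whether 'fromContainerEnv' can
-- succeed, decided before any request is made (hypothetical helper type).
data Preflight
  = Ready          -- ^ the relative URI is set
  | OnlyFullUri    -- ^ only the full-URI form is set, which is not read
  | NotInContainer -- ^ neither variable is set
  deriving (Eq, Show)

-- | First argument: AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,
-- second argument: AWS_CONTAINER_CREDENTIALS_FULL_URI.
preflight :: Maybe String -> Maybe String -> Preflight
preflight (Just _) _ = Ready
preflight Nothing (Just _) = OnlyFullUri
preflight Nothing Nothing = NotInContainer

main :: IO ()
main = do
  rel <- lookupEnv "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
  full <- lookupEnv "AWS_CONTAINER_CREDENTIALS_FULL_URI"
  case preflight rel full of
    Ready -> pure ()
    OnlyFullUri ->
      die "only AWS_CONTAINER_CREDENTIALS_FULL_URI is set; fromContainerEnv does not read it"
    NotInContainer ->
      die "no container credential variables are set; is this an ECS task?"
  -- newEnv (assumed from amazonka 2.0) builds an unauthenticated Env and
  -- passes it to the given auth function.
  try (Amazonka.newEnv fromContainerEnv) >>= \case
    Left (MissingEnvError var) ->
      die ("variable disappeared after preflight: " <> show var)
    Left (InvalidIAMError msg) ->
      die ("container agent payload not in the expected format: " <> show msg)
    Left other ->
      die ("credential retrieval failed: " <> show other)
    Right _env ->
      -- Never print the Env's credentials; report success only.
      putStrLn "credentials loaded; background refresh is running"
```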