Credential resolvers that use AWS services (e.g., STS / SSO) should use configured endpoint #311

Open
2 tasks
sichanyoo opened this issue Jan 9, 2025 · 0 comments
Labels
feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged.

sichanyoo commented Jan 9, 2025

Background

The configured endpoint feature for SDKs requires the ability to configure the endpoint to use for service clients using environment variables and properties in the shared config file.

Swift SDK depends on aws-crt-swift for credential resolution, and to support configured endpoint, that means credential resolvers in CRT that use service clients must respect the configured endpoint spec as well.

The order of resolution for configured endpoint is as follows:

  1. The value provided by a service-specific environment variable, AWS_ENDPOINT_URL_<SERVICE>. <SERVICE> here is the uppercased version of the corresponding service identifier in this official list.
  2. The value provided by the global endpoint environment variable, AWS_ENDPOINT_URL.
  3. The value provided by a service-specific parameter from a services definition section referenced in a profile in the shared configuration file. The name of the service must match the identifier in this official list. E.g.:

        [profile profile-with-services]
        services = dev
        endpoint_url = http://localhost:5567

        [services dev]
        sts =
          endpoint_url = https://play.min.io:9000

  4. The value provided by the global parameter from a profile in the shared configuration file. E.g.:

        [profile profile-with-services]
        services = dev
        endpoint_url = http://localhost:5567

  5. The endpoint value resolved through existing methods

Task

The STS credential resolver, SSO credential resolver, and default chain credential resolver which has STS in its chain should respect the endpoint configured in the env var & shared config file if present.

Use Case

For customers that want to configure endpoint for STS or SSO for their usage of Swift SDK.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@sichanyoo sichanyoo added needs-triage This issue or PR still needs to be triaged. feature-request A feature should be added or improved. labels Jan 9, 2025
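
The resolution order listed in the issue, sketched as an added example (not code from aws-crt-swift or any AWS SDK). The names `resolve_endpoint`, `_section` and `_nested` are hypothetical, the sample config is the one quoted in the issue, and replacing spaces in the service identifier with underscores is an assumption for multi-word identifiers. It returns the source alongside the URL so the origin of an STS/SSO endpoint override can be logged or audited.

```python
import configparser

# Constructed sample: the shared config quoted in the issue text.
SAMPLE_CONFIG = """\
[profile profile-with-services]
services = dev
endpoint_url = http://localhost:5567

[services dev]
sts =
  endpoint_url = https://play.min.io:9000
"""

def _section(cfg, name):
    """Return the named section, or an empty mapping when it is absent."""
    return cfg[name] if cfg.has_section(name) else {}

def _nested(raw):
    """Parse the indented 'key = value' lines that follow e.g. 'sts ='."""
    pairs = (line.partition("=") for line in raw.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, _, v in pairs}

def resolve_endpoint(service, env, config_text, profile="default", fallback=None):
    """Return (url, source) following the five-step order from the issue."""
    key = service.replace(" ", "_")  # assumption: spaces become underscores
    # Steps 1 and 2: service-specific env var, then the global env var.
    for var in (f"AWS_ENDPOINT_URL_{key.upper()}", "AWS_ENDPOINT_URL"):
        if env.get(var):
            return env[var], f"env:{var}"
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(config_text)
    prof = _section(cfg, "default" if profile == "default" else f"profile {profile}")
    # Step 3: service entry in the [services X] section the profile references.
    services = _section(cfg, f"services {prof.get('services', '')}")
    url = _nested(services.get(key.lower(), "")).get("endpoint_url")
    if url:
        return url, f"config:services.{key.lower()}"
    # Step 4: global endpoint_url on the profile itself.
    if prof.get("endpoint_url"):
        return prof["endpoint_url"], "config:profile"
    # Step 5: whatever the existing (non-configured) resolution produces.
    return fallback, "default"
```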