Skip to content

Commit

Permalink
docs(credential-provider): mark other provider as internal
Browse files Browse the repository at this point in the history
  • Loading branch information
@AllanZhengYP
AllanZhengYP committed Aug 18, 2021
1 parent a3584b0 commit aacac32
Show file tree
Hide file tree
Showing 7 changed files with 31 additions and 502 deletions.
7 changes: 7 additions & 0 deletions packages/credential-provider-cognito-identity/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,10 @@

[![NPM version](https://img.shields.io/npm/v/@aws-sdk/credential-provider-cognito-identity/latest.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-cognito-identity)
[![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/credential-provider-cognito-identity.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-cognito-identity)

> An internal package
## Usage

You probably shouldn't, at least directly. Please use [@aws-sdk/credential-providers](https://www.npmjs.com/package/@aws-sdk/credential-providers)
instead.
19 changes: 4 additions & 15 deletions packages/credential-provider-env/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,9 @@
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/credential-provider-env/latest.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-env)
[![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/credential-provider-env.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-env)

## AWS Credential Provider for Node.JS - Environment Variables
> An internal package
This module provides a `CredentialProvider` function, `fromEnv`, that reads from
the following environment variables:
## Usage

- `AWS_ACCESS_KEY_ID` - The access key for your AWS account.
- `AWS_SECRET_ACCESS_KEY` - The secret key for your AWS account.
- `AWS_SESSION_TOKEN` - The session key for your AWS account. This is only
needed when you are using temporary credentials.
- `AWS_CREDENTIAL_EXPIRATION` - The expiration time of the credentials contained
in the environment variables described above. This value must be in a format
compatible with the [ISO-8601 standard](https://en.wikipedia.org/wiki/ISO_8601)
and is only needed when you are using temporary credentials.

If either the `AWS_ACCESS_KEY_ID` or `AWS_SECRET_ACCESS_KEY` environment
variable is not set or contains a falsy value, the promise returned by the
`fromEnv` function will be rejected.
You probably shouldn't, at least directly. Please use [@aws-sdk/credential-providers](https://www.npmjs.com/package/@aws-sdk/credential-providers)
instead.
32 changes: 4 additions & 28 deletions packages/credential-provider-imds/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,33 +3,9 @@
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/credential-provider-imds/latest.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-imds)
[![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/credential-provider-imds.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-imds)

## AWS Credential Provider for Node.JS - Instance and Container Metadata
> An internal package
This module provides two `CredentialProvider` factory functions,
`fromContainerMetadata` and `fromInstanceMetadata`, that will create
`CredentialProvider` functions that read from the ECS container metadata service
and the EC2 instance metadata service, respectively.
## Usage

A `CredentialProvider` function created with `fromContainerMetadata` will return
a promise that will resolve with credentials for the IAM role associated with
containers in an Amazon ECS task. Please see [IAM Roles for Tasks](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html)
for more information on using IAM roles with Amazon ECS.

A `CredentialProvider` function created with `fromInstanceMetadata` will return
a promise that will resolve with credentials for the IAM role associated with
an EC2 instance.
Please see [IAM Roles for Amazon EC2](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
for more information on using IAM roles with Amazon EC2.
Both IMDSv1 (a request/response method) and IMDSv2 (a session-oriented method) are supported.
Please see [Configure the instance metadata service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) for more information.

## Supported configuration

You may customize how credentials are resolved by providing an options hash to
the `fromContainerMetadata` and `fromInstanceMetadata` factory functions. The
following options are supported:

- `timeout` - The connection timeout (in milliseconds) to apply to any remote
requests. If not specified, a default value of `1000` (one second) is used.
- `maxRetries` - The maximum number of times any HTTP connections should be
retried. If not specified, a default value of `0` will be used.
You probably shouldn't, at least directly. Please use [@aws-sdk/credential-providers](https://www.npmjs.com/package/@aws-sdk/credential-providers)
instead.
165 changes: 4 additions & 161 deletions packages/credential-provider-ini/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,166 +3,9 @@
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/credential-provider-ini/latest.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-ini)
[![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/credential-provider-ini.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-ini)

## AWS Credential Provider for Node.JS - Shared Configuration Files
> An internal package
This module provides a function, `fromIni` that will create
`CredentialProvider` functions that read from a shared credentials file at
`~/.aws/credentials` and a shared configuration file at `~/.aws/config`. Both
files are expected to be INI formatted with section names corresponding to
profiles. Sections in the credentials file are treated as profile names, whereas
profile sections in the config file must have the format of`[profile profile-name]`,
except for the default profile. Please see the [sample
files](#sample-files) below for examples of well-formed configuration and
credentials files.
## Usage

Profiles that appear in both files will not be merged, and the version that
appears in the credentials file will be given precedence over the profile found
in the config file.

## Supported configuration

You may customize how credentials are resolved by providing an options hash to
the `fromIni` factory function. The following options are supported:

- `profile` - The configuration profile to use. If not specified, the provider
will use the value in the `AWS_PROFILE` environment variable or a default of
`default`.
- `filepath` - The path to the shared credentials file. If not specified, the
provider will use the value in the `AWS_SHARED_CREDENTIALS_FILE` environment
variable or a default of `~/.aws/credentials`.
- `configFilepath` - The path to the shared config file. If not specified, the
provider will use the value in the `AWS_CONFIG_FILE` environment variable or a
default of `~/.aws/config`.
- `mfaCodeProvider` - A function that returns a a promise fulfilled with an
MFA token code for the provided MFA Serial code. If a profile requires an MFA
code and `mfaCodeProvider` is not a valid function, the credential provider
promise will be rejected.
- `roleAssumer` - A function that assumes a role and returns a promise
fulfilled with credentials for the assumed role. You may call `sts:assumeRole`
API within this function.
- `roleAssumerWithWebIdentity` - A function that assumes a role with web identity
and returns a promise fulfilled with credentials for the assumed role. You may call
`sts:assumeRoleWithWebIdentity` API within this function.

## Sample files

### `~/.aws/credentials`

```ini
[default]
aws_access_key_id=foo
aws_secret_access_key=bar

[dev]
aws_access_key_id=foo2
aws_secret_access_key=bar2

[prod]
aws_access_key_id=foo3
aws_secret_access_key=bar3
```

### `~/.aws/config`

```ini
[default]
aws_access_key_id=foo
aws_secret_access_key=bar

[profile dev]
aws_access_key_id=foo2
aws_secret_access_key=bar2

[profile prod]
aws_access_key_id=foo3
aws_secret_access_key=bar3

[profile "testing host"]
aws_access_key_id=foo4
aws_secret_access_key=bar4
```

### profile with source profile

```ini
[second]
aws_access_key_id=foo
aws_secret_access_key=bar

[first]
source_profile=second
role_arn=arn:aws:iam::123456789012:role/example-role-arn
```

### profile with source provider

You can supply `credential_source` options to tell the SDK where to source
credentials for the call to `AssumeRole`. The supported credential providers are
listed bellow:

```ini
[default]
role_arn=arn:aws:iam::123456789012:role/example-role-arn
credential_source = Ec2InstanceMetadata
```

```ini
[default]
role_arn=arn:aws:iam::123456789012:role/example-role-arn
credential_source = Environment
```

```ini
[default]
role_arn=arn:aws:iam::123456789012:role/example-role-arn
credential_source = EcsContainer
```

### profile with web_identity_token_file

```ini
[default]
web_identity_token_file=/temp/token
role_arn=arn:aws:iam::123456789012:role/example-role-arn
```

You can specify another profile(`second`) whose credentials are used to assume
the role by the `role_arn` setting in this profile(`first`).

```ini
[second]
web_identity_token_file=/temp/token
role_arn=arn:aws:iam::123456789012:role/example-role-2

[first]
source_profile=second
role_arn=arn:aws:iam::123456789012:role/example-role
```

### profile with sso credentials

Please refer the the [`sso credential provider package`](https://www.npmjs.com/package/@aws-sdk/credential-provider-sso)
for how to configure the SSO credentials.

```ini
[default]
sso_account_id = 012345678901
sso_region = us-east-1
sso_role_name = SampleRole
sso_start_url = https://d-abc123.awsapps.com/start
```

You can specify another profile(`second`) whose credentials derived from SSO
are used to assume the role by the `role_arn` setting in this profile(`first`).

```ini
[second]
sso_account_id = 012345678901
sso_region = us-east-1
sso_role_name = example-role-2
sso_start_url = https://d-abc123.awsapps.com/start

[first]
source_profile=second
role_arn=arn:aws:iam::123456789012:role/example-role
```
You probably shouldn't, at least directly. Please use [@aws-sdk/credential-providers](https://www.npmjs.com/package/@aws-sdk/credential-providers)
instead.
60 changes: 4 additions & 56 deletions packages/credential-provider-process/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,61 +3,9 @@
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/credential-provider-process/latest.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-process)
[![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/credential-provider-process.svg)](https://www.npmjs.com/package/@aws-sdk/credential-provider-process)

## AWS Credential Provider for Node.JS - Shared Configuration Files
> An internal package
This module provides a function, `fromSharedConfigFiles` that will create
`CredentialProvider` functions that read from a shared credentials file at
`~/.aws/credentials` and a shared configuration file at `~/.aws/config`. Both
files are expected to be INI formatted with section names corresponding to
profiles. Sections in the credentials file are treated as profile names, whereas
profile sections in the config file must have the format of`[profile profile-name]`, except for the default profile. Please see the [sample
files](#sample-files) below for examples of well-formed configuration and
credentials files.
## Usage

Profiles that appear in both files will not be merged, and the version that
appears in the credentials file will be given precedence over the profile found
in the config file.

## Supported configuration

You may customize how credentials are resolved by providing an options hash to
the `fromSharedConfigFiles` factory function. The following options are
supported:

- `profile` - The configuration profile to use. If not specified, the provider
will use the value in the `AWS_PROFILE` environment variable or a default of
`default`.
- `filepath` - The path to the shared credentials file. If not specified, the
provider will use the value in the `AWS_SHARED_CREDENTIALS_FILE` environment
variable or a default of `~/.aws/credentials`.
- `configFilepath` - The path to the shared config file. If not specified, the
provider will use the value in the `AWS_CONFIG_FILE` environment variable or a
default of `~/.aws/config`.

## Sample files

### `~/.aws/credentials`

```ini
[default]
credential_process = /usr/local/bin/awscreds

[dev]
credential_process = /usr/local/bin/awscreds dev

[prod]
credential_process = /usr/local/bin/awscreds prod
```

### `~/.aws/config`

```ini
[default]
credential_process = /usr/local/bin/awscreds

[profile dev]
credential_process = /usr/local/bin/awscreds dev

[profile prod]
credential_process = /usr/local/bin/awscreds prod
```
You probably shouldn't, at least directly. Please use [@aws-sdk/credential-providers](https://www.npmjs.com/package/@aws-sdk/credential-providers)
instead.
Loading

0 comments on commit aacac32

Please sign in to comment.