lua-resty-aws

• Index

Contents

• Functions

Modules

• resty.aws.config
• resty.aws.service.rds.signer
• resty.aws.utils

Classes

• AWS
• ChainableTemporaryCredentials
• CredentialProviderChain
• Credentials
• EC2MetadataCredentials
• EnvironmentCredentials
• RemoteCredentials
• SharedFileCredentials
• TokenFileWebIdentityCredentials

Topics

• README

Module resty.aws.config

Load AWS configuration.

This is based of Configuration and credential file settings and Environment variables to configure the AWS CLI.

NOTE: this configuration resembles the CLI configuration. It is NOT the input object for instantiating the AWS instances, or individual services!

Usage

Simply collect the global config table:

local config = require("resty.aws.config").global
print("AWS region: ", (config.region or "failed to detect"))

Additional environment variables

The following config file entries do not have an environment variable override in the AWS CLI, but this Lua module adds them as follows:

• AWS_CLI_TIMESTAMP_FORMAT will override cli_timestamp_format
• AWS_DURATION_SECONDS will override duration_seconds
• AWS_PARAMETER_VALIDATION will override parameter_validation

Options processing and naming

Some options are available in the config/credential files, some as environment variables, and some in both. The options are processed as follows:

• profiles will be honored (see environment variable AWS_PROFILE)

• Numeric and boolean values will be converted to their equivalent Lua types

• properties will have the name as used in the config file, for any property that is a valid config file entry but also has an environment variable override. For example:

  export AWS_REGION="us-east-1"
  

  will be available as config.global.region and config.global.AWS_REGION, since in the config file the property is named region, whilst the environment variable is called AWS_REGION.

• properties that only have environment variable settings (eg. AWS_SHARED_CREDENTIALS_FILE) will be added to the config table by their all-caps name. For example:

  export AWS_SHARED_CREDENTIALS_FILE="~/my_aws_config"
  

  will be available as config.global.AWS_SHARED_CREDENTIALS_FILE, since there is no config file property in this case.

Other system variables

The following environment variables are also read (so only loading this config module in the init phase will suffice for most use cases):

• ECS_CONTAINER_METADATA_URI_V4
• ECS_CONTAINER_METADATA_URI
• AMAZON_ACCESS_KEY_ID
• AMAZON_SECRET_ACCESS_KEY
• AMAZON_SESSION_TOKEN
• AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
• AWS_CONTAINER_CREDENTIALS_FULL_URI
• AWS_CONTAINER_AUTHORIZATION_TOKEN
• AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE

Functions

get_config ()	returns the current configuration.
get_credentials ()	returns the credentials from config file, credential file, or environment variables.
load_config ()	returns the configuration loaded from the config file.
load_configfile (filename[, profile])	loads a configuration file.
load_credentials ()	returns the credentials loaded from the config files.
load_credentials_file (filename[, profile])	loads a credential file.

Functions

get_config ()

returns the current configuration. Reads the configuration files (config + credentials) and overrides them with any environment variables specified, or defaults.

NOTE: this will not auto-detect the region. Use resty.aws.utils.getCurrentRegion for that, or get the config.global table which will auto-detect.

Returns:

table with configuration options, table can be empty.

Usage:

local config = require("resty.aws.config").global       -- does auto-detect region

-- is equivalent to:
local config = require("resty.aws.config").get_config()
if not config.region then
    config.region = utils.getCurrentRegion()
end

get_credentials ()

returns the credentials from config file, credential file, or environment variables. Reads the configuration files (config + credentials) and overrides them with any environment variables specified.

Returns:

table with credentials (aws_access_key_id, aws_secret_access_key, and aws_session_token)

load_config ()

returns the configuration loaded from the config file. The result is based on AWS_CONFIG_FILE and AWS_PROFILE. Returns an empty table if the config file does not exist.

Returns:

options table as gotten from the configuration file, or nil+err.

load_configfile (filename[, profile])

loads a configuration file. The returned table is a hash table with options. If profiles are returned then they will be sub-tables, with key "profile [profile-name]".

Parameters:

• filename string the filename of the configuration file to load
• profile string the profile to retrieve from the configuration file. If the profile doesn't exist, then it returns an empty table. Use "default" to get the default profile. (optional)

Returns:

table with the contents of the file, or only the profile if a profile was specified, or nil+err if there was a problem loading the file

load_credentials ()

returns the credentials loaded from the config files. Options are based on AWS_SHARED_CREDENTIALS_FILE and AWS_PROFILE. Falls back to the config file (see config.load_config). Returns an empty table if the credentials file does not exist.

Returns:

credentials table as gotten from the credentials file, or a table with the key, id, and token from the configuration file, table can be empty.

load_credentials_file (filename[, profile])

loads a credential file. The returned table is a hash table with options. If profiles are returned then they will be sub-tables, with key "[profile-name]".

Parameters:

• filename string the filename of the credentials file to load
• profile string the profile to retrieve from the credentials file. If the profile doesn't exist, then it returns an empty table. Use default to get the default profile. (optional)

Returns:

table with the contents of the file, or only the profile if a profile was specified or nil+err if there was a problem loading the file