| environment_id | Yes | This is the environment identifier, of format `aws${version}`. A version should be specified to indicate to the auth library whether breaking changes were introduced to the underlying AWS implementation. So if aws1 is supported in the current version of the library but a credential file with aws2 is provided, an error should be thrown instructing the developer to upgrade to a newer version of the library. |
208
-
| region_url |Yes| This URL should be used to determine the current AWS region needed for the signed request construction. |
208
+
| region_url |No| This URL should be used to determine the current AWS region needed for the signed request construction when the region environment variables are not present. |
209
209
| url | No | This AWS metadata server URL should be used to retrieve the access key, secret key and security token needed to sign the `GetCallerIdentity` request. The $ROLE_NAME should be retrieved from calling this endpoint without any parameter and then calling again with the returned role name appended to this URL: http://169.254.169.254/latest/meta-data/iam/security-credentials/$ROLE_NAME|
210
210
| regional_cred_verification_url | Yes | This defines the regional AWS `GetCallerIdentity` action URL. This URL should be used to determine the AWS account ID and its roles. This should not actually be called by the Auth libraries. It should be called on the STS token server. The region should be substituted by SDK, e.g. `sts.eu-west-1.amazonaws`.com. |
211
211
| imdsv2_session_token_url | No | Presence of this URL enforces the auth libraries to fetch a Session Token from AWS. This field is required for EC2 instances using IMDSv2. This Session Token would later be used while making calls to the metadata enpoint. |
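Review bot: The new `region_url` description says "when the region environment variables are not present" without naming them. The steps section names `AWS_REGION` and `AWS_DEFAULT_REGION` and the order in which they are checked, so name them in this row too (or point to that step) so the table can be read on its own. Since this table is being edited anyway, two small defects in the neighbouring rows could be fixed in the same change: "enpoint" in the `imdsv2_session_token_url` row, and the misplaced closing backtick in the `regional_cred_verification_url` example, which leaves ".com" outside the code span.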
@@ -244,7 +244,7 @@ The auth libraries and applications **must** follow the steps below:
244
244
- Check the environment variables in the following order (`AWS_REGION` and
245
245
then the `AWS_DEFAULT_REGION`) to determine the AWS region. If found, skip
246
246
using the AWS metadata server to determine this value.
247
-
- If the region environment variable is not provided, use the **region_url**
247
+
- If the region environment variables are not provided, use the **region_url**
248
248
to determine the current AWS region. The API returns the zone name, e.g.
249
249
`us-east-1d`. The region should be determined by stripping the last
250
250
character, e.g. `us-east-1`.
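Review bot: With `region_url` now marked as not required in the field table, the second bullet ("If the region environment variables are not provided, use the **region_url**") leaves one case undefined: neither `AWS_REGION` nor `AWS_DEFAULT_REGION` is set and the credential file has no `region_url`. Suggest adding a sentence here saying the library must raise an error stating that the region could not be determined, so that implementations do not diverge on that case.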
@@ -279,7 +279,7 @@ The auth libraries and applications **must** follow the steps below:
| file | Yes | This is the source of the credential. This should be used for a credential locally available. This should take precedence over `url` when both are provided. |
381
381
| format.type | No | This indicates the format of the file where the token is stored. This can be either "text" or "json". The default should be "text". |
@@ -419,7 +419,7 @@ in the `credential_source` object to facilitate retrieval of executable-sourced
419
419
credentials to be passed as subject tokens to the GCP STS token exchange
| executable | Yes | Holds the information necessary to run the executable. |
425
425
| executable.command | Yes | Specifies the full command to run to retrieve the subject token. This can include arguments. Must be an absolute path for the program. |
@@ -452,7 +452,7 @@ Additionally, the executable **must** adhere to the following response format: