Global settings for config and credentials files - AWS SDKs and Tools Shared Configuration and Credentials

Global settings for config and credentials files

The topics in this section describe the settings that can be stored in the config and credentials files.

For information about where config and credentials files are located, see Location of the shared config and credentials files.

The following settings are global and affect all services. Choose the name of the setting to see its details page.

Important

Not all SDKs and Toolkits support all of the settings listed below. Choose a setting to see the details page that includes which SDKs and Toolkits support that setting.

Setting Summary Config file Credentials file Env variable Per operation
api_versions Specifies the version of the AWS service's API to use. X - - -
aws_access_key_id Access key ID to use to authenticate the user. X X X -
aws_secret_access_key Secret key to use to authenticate the user. X X X -
aws_session_token Session token for temporary credentials to use to authenticate the user. X X X -
ca_bundle Specifies a Certificate Authority (CA) certificate bundle (a file with the pem extension) that is used to verify SSL certificates. X - X X
cli_binary_format (Available in the AWS CLI V2 only.) Specifies how the AWS CLI handles binary input parameters. X - - X
cli_follow_urlparam (Available in the AWS CLI V1 only.) Specifies whether the CLI attempts to follow URL links in command line parameters that begin with http:// or https://. X - - -
cli_timestamp_format (Available in the AWS CLI only.) Specifies how the AWS CLI formats timestamp output values. X - - -
credential_process Specifies an external command that the SDK or tool runs on your behalf to generate or retrieve authentication credentials to use. X - - -
credential_source Used with Amazon EC2 instances or containers. Specifies where the SDK or tool can find credentials that can be used to assume the role identified by the role_arn setting. X - - -
duration_seconds Specifies the maximum duration of an assumed role session. X - - -
external_id Specifies a unique identifier that is used by third parties to assume a role in their customers' accounts. X - - -
max_attempts Specifies the maximum number attempts to make on a request. X - X -
metadata_service_num_attempts Specifies the number of attempts to make before giving up when attempting to retrieve data from the instance metadata service. X - - -
metadata_service_timeout Specifies the number of seconds before timing out when attempting to retrieve data from the instance metadata service. X - - -
mfa_serial Specifies the identification number of a multi-factor authentication (MFA) device to use when assuming a role. X - - -
output (Available in the AWS CLI only.) Specifies the output format for AWS CLI commands. X - X X
parameter_validation (Available in the AWS CLI only.) Specifies whether the AWS CLI client attempts to validate parameters before sending them to the AWS service endpoint. X - - -
region Specifies the AWS Region to send requests to for commands requested using this profile. X - X X
retry_mode Specifies how the SDK attempts retries. X - X -
role_arn Specifies the Amazon Resource Name (ARN) of an IAM role that you want to use for operations requested using this profile. X - - -
role_session_name Specifies the name to attach to the role session. This name appears in AWS CloudTrail logs for entries associated with this session. X - - -
source_profile Specifies another profile whose credentials are used to assume the role specified by this profile. X - - -
sso_account_id (Available in the AWS CLI V2 only.) Specifies the AWS account ID that contains the IAM role with the permission that you want to grant to the associated AWS SSO user. X - - -
sso_region (Available in the AWS CLI V2 only.) Specifies the AWS Region that contains the AWS SSO portal host. X - - -
sso_role_name (Available in the AWS CLI V2 only.) Specifies the friendly name of the IAM role that defines the user's permissions when using this profile. X - - -
sso_start_url (Available in the AWS CLI V2 only.) Specifies the URL that points to the organization's AWS SSO user portal. The AWS CLI uses this URL to establish a session with the AWS SSO service to authenticate its users. X - - -
sts_regional_endpoints Specifies how the AWS CLI determines the AWS service endpoint that the AWS CLI client uses to talk to the AWS Security Token Service (AWS STS). X - - -
tcp_keepalive Specifies whether the AWS CLI client uses TCP keep-alive packets. X - - -
web_identity_token_file Specifies the path to a file that contains an access token from an OAuth 2.0 or OpenID Connect identity provider. This enables authentication by using Web Identity federation. X - - -