Specify your credentials and default Region - AWS SDK for Rust

Specify your credentials and default Region

Before you make an API call using the AWS SDK for Rust (the SDK), you must first obtain credentials and put them where the SDK can find them. You also need to specify the correct AWS Region. There are several ways to do this, depending on your use case and needs.

Provide credentials to the SDK

Two values comprise credentials: an access key ID and a secret access key. If you haven't created these two values, see the Get started with the AWS SDK for Rust topic for information about retrieving your credentials.

Note

Avoid using a stored access key ID and secret access key as long-term credentials. Instead, your application should use a service such as Amazon Cognito to obtain a temporary access key ID and secret access key. Then, use them to create a static credential provider to use when creating your service objects.

Once you have your credentials, make sure the SDK can retrieve them from one of the following locations. It will search these locations for credentials and will use the first ones it finds.

  • In the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

  • In Web Identity Token credentials from the environment or container (including Amazon EKS)

  • Amazon ECS credentials (IAM roles for tasks)

  • As entries in the credentials file in the .aws directory in your home directory (~/.aws/credentials on Linux, macOS, and Unix; %userprofile%\.aws\credentials on Microsoft Windows):

    [default] aws_access_key_id=YOUR-ACCESS-KEY aws_secret_access_key=YOUR-SECRET-KEY
  • Using a named profile specified in the credentials file via the AWS_PROFILE environment variable

  • From the EC2 Instance Metadata Service (IAM Roles attached to an instance)

Specify a Region

Because most resources reside in a specific AWS Region, you must supply the correct Region for the resource when using the SDK.

The SDK looks for Regions in a specific order, similar to how it looks for credentials. The SDK looks in the following order for a default Region:

  • In the environment variable AWS_REGION.

  • As an entry in the credentials file in the .aws directory in your home directory (~/.aws/credentials on Linux, macOS, and Unix; %userprofile%\.aws\credentials on Microsoft Windows):

    [default] region=YOUR-DEFAULT-REGION
  • As an entry in the config file in the .aws directory in your home directory (~/.aws/config on Linux, macOS, and Unix; %userprofile%\.aws\config on Microsoft Windows):

    [default] region=YOUR-DEFAULT-REGION