Container credential provider - AWS SDKs and Tools

Container credential provider

The container credential provider fetches credentials for customer’s containerized application. This credential provider is useful for Amazon Elastic Container Service (Amazon ECS) customers. SDKs will attempt to load credentials from the specified HTTP endpoint through a GET request. To learn more about the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable, see IAM Roles for Tasks in the Amazon Elastic Container Service Developer Guide.

Configure this functionality by using the following:

AWS_CONTAINER_CREDENTIALS_FULL_URI - environment variable

Contains the full HTTP URL endpoint for the SDK to use when making a request for credentials. This includes both the scheme and the host.

Default value: None.

Valid values: Valid URI.

Note: This setting is an alternative to AWS_CONTAINER_CREDENTIALS_RELATIVE_URI and will only be used if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not set.

Linux/macOS example of setting environment variables via command line:

export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost/get-credentials

or

export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:8080/get-credentials
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI - environment variable

Specifies the relative HTTP URL endpoint for the SDK to use when making a request for credentials.

Default value: None.

Valid values: Valid relative URI.

Linux/macOS example of setting environment variables via command line:

export AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=/get-credentials?a=1
AWS_CONTAINER_AUTHORIZATION_TOKEN - environment variable

If this variable is set, the SDK will set the Authorization header on the HTTP request with the environment variable's value.

Default value: None.

Valid values: String.

Linux/macOS example of setting environment variables via command line:

export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost/get-credential export AWS_CONTAINER_AUTHORIZATION_TOKEN=Basic abcd

Compatibility with AWS SDKS

The following SDKs support the features and settings described on this page, any partial exceptions are noted: