Credential Chain documentation is not accurate #4076
Labels
bug
This issue is a confirmed bug.
credentials
documentation
This is a problem with documentation.
investigating
This issue is being investigated and/or work is in progress to resolve the issue.
p2
This is a standard priority issue
Description
This is what is written in the documentation:
"4. Shared credential file (
~/.aws/credentials
)5. AWS config file (
~/.aws/config
)"They should be swapped. I tested it out. Also that's the order in which they read the credentials in botocore. (https://github.com/boto/botocore/blob/1be45c52cf3b743186f9191e7f53d66eefae23cd/botocore/session.py#L427)
Also in definition of Assume role provider, they say that it reads from
~/.aws/config
or~/.aws/credentials
file which is accurate. Then why is it mentioned again in the provider chain?My understanding is that this should be the provider chain:
boto.client()
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SECURITY_TOKEN
orAWS_SESSION_TOKEN
$AWS_CONFIG_FILE
or~/.aws/config
$AWS_SHARED_CREDENTIALS_FILE
or~/.aws/credentials
AWS_WEB_IDENTITY_TOKEN_FILE
AWS_ROLE_ARN
AWS_ROLE_SESSION_NAME
/etc/boto.cfg
and~/.boto
AWS_CONTAINER_CREDENTIALS_FULL_URI
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
AWS_EC2_METADATA_SERVICE_ENDPOINT
My proposed credential chain is based on my reading of
botocore.credentials.create_credential_resolver
function (https://github.com/boto/botocore/blob/1be45c52cf3b743186f9191e7f53d66eefae23cd/botocore/credentials.py#L65)Links
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html
The text was updated successfully, but these errors were encountered: