| 1 | import type { FromHttpOptions } from "@aws-sdk/credential-provider-http";
|
| 2 | import type { FromIniInit } from "@aws-sdk/credential-provider-ini";
|
| 3 | import type { FromProcessInit } from "@aws-sdk/credential-provider-process";
|
| 4 | import type { FromSSOInit, SsoCredentialsParameters } from "@aws-sdk/credential-provider-sso";
|
| 5 | import type { FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
|
| 6 | import type { RemoteProviderInit } from "@smithy/credential-provider-imds";
|
| 7 | import { AwsCredentialIdentity, MemoizedProvider } from "@smithy/types";
|
| 8 | /**
|
| 9 | * @public
|
| 10 | */
|
| 11 | export type DefaultProviderInit = FromIniInit & FromHttpOptions & RemoteProviderInit & FromProcessInit & (FromSSOInit & Partial<SsoCredentialsParameters>) & FromTokenFileInit;
|
| 12 | /**
|
| 13 | * Creates a credential provider that will attempt to find credentials from the
|
| 14 | * following sources (listed in order of precedence):
|
| 15 | * * Environment variables exposed via `process.env`
|
| 16 | * * SSO credentials from token cache
|
| 17 | * * Web identity token credentials
|
| 18 | * * Shared credentials and config ini files
|
| 19 | * * The EC2/ECS Instance Metadata Service
|
| 20 | *
|
| 21 | * The default credential provider will invoke one provider at a time and only
|
| 22 | * continue to the next if no credentials have been located. For example, if
|
| 23 | * the process finds values defined via the `AWS_ACCESS_KEY_ID` and
|
| 24 | * `AWS_SECRET_ACCESS_KEY` environment variables, the files at
|
| 25 | * `~/.aws/credentials` and `~/.aws/config` will not be read, nor will any
|
| 26 | * messages be sent to the Instance Metadata Service.
|
| 27 | *
|
| 28 | * @param init Configuration that is passed to each individual
|
| 29 | * provider
|
| 30 | *
|
| 31 | * @see {@link fromEnv} The function used to source credentials from
|
| 32 | * environment variables.
|
| 33 | * @see {@link fromSSO} The function used to source credentials from
|
| 34 | * resolved SSO token cache.
|
| 35 | * @see {@link fromTokenFile} The function used to source credentials from
|
| 36 | * token file.
|
| 37 | * @see {@link fromIni} The function used to source credentials from INI
|
| 38 | * files.
|
| 39 | * @see {@link fromProcess} The function used to sources credentials from
|
| 40 | * credential_process in INI files.
|
| 41 | * @see {@link fromInstanceMetadata} The function used to source credentials from the
|
| 42 | * EC2 Instance Metadata Service.
|
| 43 | * @see {@link fromContainerMetadata} The function used to source credentials from the
|
| 44 | * ECS Container Metadata Service.
|
| 45 | */
|
| 46 | export declare const defaultProvider: (init?: DefaultProviderInit) => MemoizedProvider<AwsCredentialIdentity>;
|
| 47 | /**
|
| 48 | * @internal
|
| 49 | *
|
| 50 | * @returns credentials have expiration.
|
| 51 | */
|
| 52 | export declare const credentialsWillNeedRefresh: (credentials: AwsCredentialIdentity) => boolean;
|
| 53 | /**
|
| 54 | * @internal
|
| 55 | *
|
| 56 | * @returns credentials with less than 5 minutes left.
|
| 57 | */
|
| 58 | export declare const credentialsTreatedAsExpired: (credentials: AwsCredentialIdentity) => boolean;
|