Authenticating with Amazon using Amazon SDK for Rust - Amazon SDK for Rust
More authentication information
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Authenticating with Amazon using Amazon SDK for Rust

You must establish how your code authenticates with Amazon when developing with Amazon Web Services services. You can configure programmatic access to Amazon resources in different ways depending on the environment and the Amazon access available to you.

To choose your method of authentication and configure it for the SDK, see Authentication and access in the Amazon SDKs and Tools Reference Guide.

We recommend that new users who are developing locally and are not given a method of authentication by their employer should set up Amazon IAM Identity Center. This method includes installing the Amazon CLI for ease of configuration and for regularly signing in to the Amazon access portal.

If you choose this method, complete the procedure for Login for Amazon local development using console credentials in the Amazon SDKs and Tools Reference Guide. Afterwards, your environment should contain the following elements:

  • The Amazon CLI, which you use to start an Amazon access portal session before you run your application.

  • A shared Amazonconfig file having a [default] profile with a set of configuration values that can be referenced from the SDK. To find the location of this file, see Location of the shared files in the Amazon SDKs and Tools Reference Guide.

  • The shared config file sets the region setting. This sets the default Amazon Web Services Region that the SDK uses for Amazon requests. This Region is used for SDK service requests that aren't specified with a Region to use.

  • The SDK uses the profile’s Login credential provider configuration to acquire credentials before sending requests to Amazon. The login_session value, which stores the identity of the management console session that you selected during the login workflow, allows access to the Amazon services used in your application.

    The following sample config file shows a default profile set up with Login credentials provider configuration console session selected during the login workflow. The profile's login_session setting refers to the named console session selected during the workflow:

    [default]
login_session = arn:aws:iam::0123456789012:user/username
region = us-east-1
    Note

    You must enable the credentials-login feature of the aws-config crate to make use of this credential provider.

More authentication information

Human users, also known as human identities, are the people, administrators, developers, operators, and consumers of your applications. They must have an identity to access your Amazon environments and applications. Human users that are members of your organization - that means you, the developer - are known as workforce identities.

Use temporary credentials when accessing Amazon. You can use an identity provider for your human users to provide federated access to Amazon accounts by assuming roles, which provide temporary credentials. For centralized access management, we recommend that you use Amazon IAM Identity Center (IAM Identity Center) to manage access to your accounts and permissions within those accounts. For more alternatives, see the following: