Settings reference - Amazon SDKs and Tools
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Settings reference

SDKs provide language-specific APIs for Amazon Web Services services. They take care of some of the heavy lifting necessary in successfully making API calls, including authentication, retry behavior, and more. To do this, the SDKs have flexible strategies to obtain credentials to use for your requests, to maintain settings to use with each service, and to obtain values to use for global settings.

You can find detailed information about configuration settings in the following sections:

Creating service clients

To programmatically access Amazon Web Services services, SDKs use a client class/object for each Amazon Web Services service. For example, if your application needs to access Amazon EC2, your application creates an Amazon EC2 client object to interface with that service. You then use the service client to make requests to that Amazon Web Services service. In most SDKs, a service client object is immutable, so you must create a new client for each service to which you make requests and for making requests to the same service using a different configuration.

Precedence of settings

Global settings configure features, credential providers, and other functionality that are supported by most SDKs and have a broad impact across Amazon Web Services services. All SDKs have a series of places (or sources) that they check in order to find a value for global settings. The following is the setting lookup precedence:

  1. Any explicit setting set in the code or on a service client itself takes precedence over anything else.

    • Some settings can be set on a per-operation basis, and can be changed as needed for each operation that you invoke. For the Amazon CLI or Amazon Tools for PowerShell, these take the form of per-operation parameters that you enter on the command line. For an SDK, explicit assignments can take the form of a parameter that you set when you instantiate an Amazon Web Services service client or configuration object, or sometimes when you call an individual API.

  2. Java/Kotlin only: The JVM system property for the setting is checked. If it’s set, that value is used to configure the client.

  3. The environment variable is checked. If it’s set, that value is used to configure the client.

  4. The SDK checks the shared credentials file for the setting. If it's set, the client uses it.

  5. The shared config file for the setting. If the setting is present, the SDK uses it.

    • The AWS_PROFILE environment variable or the aws.profile JVM system property can be used to specify which profile that the SDK loads.

  6. Any default value provided by the SDK source code itself is used last.

Note

Some SDKs and tools might check in a different order. Also, some SDKs and tools support other methods of storing and retrieving parameters. For example, the Amazon SDK for .NET supports an additional source called the SDK Store. For more information about providers that are unique to a SDK or tool, see the specific guide for the SDK or tool that you are using.

The order determines which methods take precedence and override others. For example, if you set up a profile in the shared config file, it's only found and used after the SDK or tool checks the other places first. This means that if you put a setting in the credentials file, it is used instead of one found in the config file. If you configure an environment variable with a setting and value, it would override that setting in both the credentials and config files. And finally, a setting on the individual operation (Amazon CLI command-line parameter or API parameter) or in code would override all other values for that one command.

Settings pages

The pages within the Settings reference section of this guide detail the available settings that can be set through various mechanisms. The tables that follow list the config and credential file settings, environment variables, and (for Java and Kotlin SDKs) the JVM settings that can be used outside of your code to configure the feature. Each linked topic in each list takes you to the corresponding settings page.

Each credential provider or feature has a page where the settings that are used to configure that functionality are listed. For each setting, you can often set the value either by adding the setting to a configuration file, or by setting an environment variable, or (for Java and Kotlin only) by setting a JVM system property. Each setting lists all supported methods of setting the value in a block above the details of the description. Although the precedence varies, the resulting functionality is the same regardless of how you set it.

The description will include the default value, if any, that takes effect if you do nothing. It also defines what a valid value is for that setting.

For example, let’s look at a setting from the Request compression feature page.

The disable_request_compression example setting's information communicates the following:

  • There are three equivalent ways to control request compression outside of your codebase. You can either:

    • Set it in your config file using disable_request_compression

    • Set it as an environment variable using AWS_DISABLE_REQUEST_COMPRESSION

    • Or, if you are using the Java or Kotlin SDK, set it as a JVM system property using aws.disableRequestCompression

    Note

    There might also be a way to configure the same functionality directly in your code, but this Reference does not cover this since it is unique to each SDK. If you want to set your configuration in the code itself, see your specific SDK guide or API reference.

  • If you do nothing, the value will default to false.

  • The only valid values for this Boolean setting are true and false.

At the bottom of each feature page there is a Compatibility with Amazon SDKs table.

This table shows whether your SDK supports the settings that are listed on the page. The Supported column indicates the support level with the following values:

  • Yes – The settings are fully supported by the SDK as written.

  • Partial – Some of the settings are supported or the behavior deviates from the description. For Partial, an additional note indicates the deviation.

  • No – None of the settings are supported. This doesn't make claims as to whether the same functionality might be achieved in code; it only indicates that the listed external configuration settings are not supported.

Config file settings list

The settings listed in the following table can be assigned in the shared Amazon config file. They are global and affect all Amazon Web Services services. SDKs and tools may also support unique settings and environment variables. To see the settings and environment variables supported by only an individual SDK or tool, see that specific SDK or tool guide.

Setting name Details
account_id_endpoint_mode Account-based endpoints
api_versions General configuration settings
aws_access_key_id Amazon access keys
aws_account_id Account-based endpoints
aws_secret_access_key Amazon access keys
aws_session_token Amazon access keys
ca_bundle General configuration settings
credential_process Process credential provider
credential_source Assume role credential provider
defaults_mode Smart configuration defaults
disable_request_compression Request compression
duration_seconds Assume role credential provider
ec2_metadata_service_endpoint IMDS credential provider
ec2_metadata_service_endpoint_mode IMDS credential provider
ec2_metadata_v1_disabled IMDS credential provider
endpoint_discovery_enabled Endpoint discovery
endpoint_url Service-specific endpoints
external_id Assume role credential provider
ignore_configured_endpoint_urls Service-specific endpoints
max_attempts Retry behavior
metadata_service_num_attempts Amazon EC2 instance metadata
metadata_service_timeout Amazon EC2 instance metadata
mfa_serial Assume role credential provider
output General configuration settings
parameter_validation General configuration settings
region Amazon Web Services Region
request_min_compression_size_bytes Request compression
retry_mode Retry behavior
role_arn Assume role credential provider
role_session_name Assume role credential provider
s3_disable_multiregion_access_points Amazon S3 Multi-Region Access Points
s3_use_arn_region Amazon S3 access points
sdk_ua_app_id Application ID
source_profile Assume role credential provider
sso_account_id IAM Identity Center credential provider
sso_region IAM Identity Center credential provider
sso_registration_scopes IAM Identity Center credential provider
sso_role_name IAM Identity Center credential provider
sso_start_url IAM Identity Center credential provider
sts_regional_endpoints Amazon STS Regional endpoints
use_dualstack_endpoint Dual-stack and FIPS endpoints
use_fips_endpoint Dual-stack and FIPS endpoints
web_identity_token_file Assume role credential provider

Credentials file settings list

The settings listed in the following table can be assigned in the shared Amazon credentials file. They are global and affect all Amazon Web Services services. SDKs and tools may also support unique settings and environment variables. To see the settings and environment variables supported by only an individual SDK or tool, see that specific SDK or tool guide.

Setting name Details
aws_access_key_id Amazon access keys
aws_secret_access_key Amazon access keys
aws_session_token Amazon access keys

Environment variables list

Environment variables supported by most SDKs are listed in the following table. They are global and affect all Amazon Web Services services. SDKs and tools may also support unique settings and environment variables. To see the settings and environment variables supported by only an individual SDK or tool, see that specific SDK or tool guide.

Setting name Details
AWS_ACCESS_KEY_ID Amazon access keys
AWS_ACCOUNT_ID Account-based endpoints
AWS_ACCOUNT_ID_ENDPOINT_MODE Account-based endpoints
AWS_CA_BUNDLE General configuration settings
AWS_CONFIG_FILE Location of the shared config and credentials files
AWS_CONTAINER_AUTHORIZATION_TOKEN Container credential provider
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE Container credential provider
AWS_CONTAINER_CREDENTIALS_FULL_URI Container credential provider
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI Container credential provider
AWS_DEFAULTS_MODE Smart configuration defaults
AWS_DISABLE_REQUEST_COMPRESSION Request compression
AWS_EC2_METADATA_DISABLED IMDS credential provider
AWS_EC2_METADATA_SERVICE_ENDPOINT IMDS credential provider
AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE IMDS credential provider
AWS_EC2_METADATA_V1_DISABLED IMDS credential provider
AWS_ENABLE_ENDPOINT_DISCOVERY Endpoint discovery
AWS_ENDPOINT_URL Service-specific endpoints
AWS_ENDPOINT_URL_<SERVICE> Service-specific endpoints
AWS_IGNORE_CONFIGURED_ENDPOINT_URLS Service-specific endpoints
AWS_MAX_ATTEMPTS Retry behavior
AWS_METADATA_SERVICE_NUM_ATTEMPTS Amazon EC2 instance metadata
AWS_METADATA_SERVICE_TIMEOUT Amazon EC2 instance metadata
AWS_PROFILE Shared config and credentials files
AWS_REGION Amazon Web Services Region
AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES Request compression
AWS_RETRY_MODE Retry behavior
AWS_ROLE_ARN Assume role credential provider
AWS_ROLE_SESSION_NAME Assume role credential provider
AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS Amazon S3 Multi-Region Access Points
AWS_S3_USE_ARN_REGION Amazon S3 access points
AWS_SDK_UA_APP_ID Application ID
AWS_SECRET_ACCESS_KEY Amazon access keys
AWS_SESSION_TOKEN Amazon access keys
AWS_SHARED_CREDENTIALS_FILE Location of the shared config and credentials files
AWS_STS_REGIONAL_ENDPOINTS Amazon STS Regional endpoints
AWS_USE_DUALSTACK_ENDPOINT Dual-stack and FIPS endpoints
AWS_USE_FIPS_ENDPOINT Dual-stack and FIPS endpoints
AWS_WEB_IDENTITY_TOKEN_FILE Assume role credential provider

JVM system properties list

You can use the following JVM system properties for the Amazon SDK for Java and the Amazon SDK for Kotlin (targeting the JVM). See How to set JVM system properties for instructions on how to set JVM system properties.

Setting name Details
aws.accessKeyId Amazon access keys
aws.accountId Account-based endpoints
aws.accountIdEndpointMode Account-based endpoints
aws.configFile Location of the shared config and credentials files
aws.defaultsMode Smart configuration defaults
aws.disableEc2MetadataV1 IMDS credential provider
aws.disableRequestCompression Request compression
aws.ec2MetadataServiceEndpoint IMDS credential provider
aws.ec2MetadataServiceEndpointMode IMDS credential provider
aws.endpointDiscoveryEnabled Endpoint discovery
aws.endpointUrl Service-specific endpoints
aws.endpointUrl<ServiceName> Service-specific endpoints
aws.ignoreConfiguredEndpointUrls Service-specific endpoints
aws.maxAttempts Retry behavior
aws.profile Shared config and credentials files
aws.region Amazon Web Services Region
aws.requestMinCompressionSizeBytes Request compression
aws.retryMode Retry behavior
aws.roleArn Assume role credential provider
aws.roleSessionName Assume role credential provider
aws.s3DisableMultiRegionAccessPoints Amazon S3 Multi-Region Access Points
aws.s3UseArnRegion Amazon S3 access points
aws.secretAccessKey Amazon access keys
aws.sessionToken Amazon access keys
aws.sharedCredentialsFile Location of the shared config and credentials files
aws.useDualstackEndpoint Dual-stack and FIPS endpoints
aws.useFipsEndpoint Dual-stack and FIPS endpoints
aws.userAgentAppId Application ID
aws.webIdentityTokenFile Assume role credential provider