# Amazon SDKs and tools settings reference
<a name="settings-reference"></a>

SDKs provide language-specific APIs for Amazon Web Services services. They take care of some of the heavy lifting necessary in successfully making API calls, including authentication, retry behavior, and more. To do this, the SDKs have flexible strategies to obtain credentials to use for your requests, to maintain settings to use with each service, and to obtain values to use for global settings.

You can find detailed information about configuration settings in the following sections:
+ [Amazon SDKs and Tools standardized credential providers](standardized-credentials.md) – Common credential providers standardized across multiple SDKs. 
+ [Amazon SDKs and Tools standardized features](standardized-features.md) – Common features standardized across multiple SDKs. 

## Creating service clients
<a name="creatingServiceClients"></a>

 To programmatically access Amazon Web Services services, SDKs use a client class/object for each Amazon Web Services service. For example, if your application needs to access Amazon EC2, your application creates an Amazon EC2 client object to interface with that service. You then use the service client to make requests to that Amazon Web Services service. In most SDKs, a service client object is immutable, so you must create a new client for each service to which you make requests and for making requests to the same service using a different configuration. 

## Precedence of settings
<a name="precedenceOfSettings"></a>

Global settings configure features, credential providers, and other functionality that are supported by most SDKs and have a broad impact across Amazon Web Services services. All SDKs have a series of places (or sources) that they check in order to find a value for global settings. The following is the setting lookup precedence: 

1. Any explicit setting set in the code or on a service client itself takes precedence over anything else.
   + Some settings can be set on a per-operation basis, and can be changed as needed for each operation that you invoke. For the Amazon CLI or Amazon Tools for PowerShell, these take the form of per-operation parameters that you enter on the command line. For an SDK, explicit assignments can take the form of a parameter that you set when you instantiate an Amazon Web Services service client or configuration object, or sometimes when you call an individual API.

1. Java/Kotlin only: The JVM system property for the setting is checked. If it's set, that value is used to configure the client.

1. The environment variable is checked. If it's set, that value is used to configure the client. 

1. The SDK checks the shared `credentials` file for the setting. If it's set, the client uses it.

1. The shared `config` file for the setting. If the setting is present, the SDK uses it. 
   + The `AWS_PROFILE` environment variable or the `aws.profile` JVM system property can be used to specify which profile that the SDK loads.

1. Any default value provided by the SDK source code itself is used last. 

**Note**  
Some SDKs and tools might check in a different order. Also, some SDKs and tools support other methods of storing and retrieving parameters. For example, the Amazon SDK for .NET supports an additional source called the [SDK Store](https://docs.amazonaws.cn/sdk-for-net/latest/developer-guide/sdk-store.html). For more information about providers that are unique to a SDK or tool, see the specific guide for the SDK or tool that you are using.

The order determines which methods take precedence and override others. For example, if you set up a profile in the shared `config` file, it's only found and used after the SDK or tool checks the other places first. This means that if you put a setting in the `credentials` file, it is used instead of one found in the `config` file. If you configure an environment variable with a setting and value, it would override that setting in both the `credentials` and `config` files. And finally, a setting on the individual operation (Amazon CLI command-line parameter or API parameter) or in code would override all other values for that one command.

## Understanding the settings pages of this guide
<a name="settingsPages"></a>

The pages within the **Settings reference** section of this guide detail the available settings that can be set through various mechanisms. The tables that follow list the config and credential file settings, environment variables, and (for Java and Kotlin SDKs) the JVM settings that can be used outside of your code to configure the feature. Each linked topic in each list takes you to the corresponding settings page.
+ [`Config` file settings list](#ConfigFileSettings)
+ [`Credentials` file settings list](#CredFileSettings)
+ [Environment variables list](#EVarSettings)
+ [JVM system properties list](#JVMSettings)



 Each credential provider or feature has a page where the settings that are used to configure that functionality are listed. For each setting, you can often set the value either by adding the setting to a configuration file, or by setting an environment variable, or (for Java and Kotlin only) by setting a JVM system property. Each setting lists all supported methods of setting the value in a block above the details of the description. Although the [precedence](#precedenceOfSettings) varies, the resulting functionality is the same regardless of how you set it.

The description will include the default value, if any, that takes effect if you do nothing. It also defines what a valid value is for that setting. 

 For example, let's look at a setting from the [Request compression](feature-compression.md) feature page.

The `disable_request_compression` example setting's information documents the following:
+ There are three equivalent ways to control request compression outside of your codebase. You can either: 
  + Set it in your config file using `disable_request_compression` 
  +  Set it as an environment variable using `AWS_DISABLE_REQUEST_COMPRESSION`
  + Or, if you are using the Java or Kotlin SDK, set it as a JVM system property using `aws.disableRequestCompression`
**Note**  
There might also be a way to configure the same functionality directly in your code, but this Reference does not cover this since it is unique to each SDK. If you want to set your configuration in the code itself, see your specific SDK guide or API reference. 
+ If you do nothing, the value will default to `false`.
+ The only valid values for this Boolean setting are `true` and `false`.

At the bottom of each feature page there is a **Support by Amazon SDKs and tools** table.

This table shows whether your SDK supports the settings that are listed on the page. The `Supported` column indicates the support level with the following values: 
+ `Yes` – The settings are fully supported by the SDK as written.
+ `Partial` – Some of the settings are supported or the behavior deviates from the description. For `Partial`, an additional note indicates the deviation.
+ `No` – None of the settings are supported. This doesn't make claims as to whether the same functionality might be achieved in code; it only indicates that the listed external configuration settings are not supported. 

## `Config` file settings list
<a name="ConfigFileSettings"></a>

The settings listed in the following table can be assigned in the shared Amazon `config` file. They are global and affect all Amazon Web Services services. SDKs and tools may also support unique settings and environment variables. To see the settings and environment variables supported by only an individual SDK or tool, see that specific SDK or tool guide.


| Setting name | Details | 
| --- | --- | 
|  account\$1id\$1endpoint\$1mode  | [Account-based endpoints](feature-account-endpoints.md)  | 
|  api\$1versions  | [General configuration settings](feature-gen-config.md)  | 
|  auth\$1scheme\$1preference  | [Authentication scheme](feature-auth-scheme.md)  | 
|  aws\$1access\$1key\$1id  | [Amazon access keys](feature-static-credentials.md)  | 
|  aws\$1account\$1id  | [Account-based endpoints](feature-account-endpoints.md)  | 
|  aws\$1secret\$1access\$1key  | [Amazon access keys](feature-static-credentials.md)  | 
|  aws\$1session\$1token  | [Amazon access keys](feature-static-credentials.md)  | 
|  ca\$1bundle  | [General configuration settings](feature-gen-config.md)  | 
|  credential\$1process  | [Process credential provider](feature-process-credentials.md)  | 
|  credential\$1source  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  defaults\$1mode  | [Smart configuration defaults](feature-smart-config-defaults.md)  | 
|  disable\$1host\$1prefix\$1injection  | [Host prefix injection](feature-host-prefix.md)  | 
|  disable\$1request\$1compression  | [Request compression](feature-compression.md)  | 
|  duration\$1seconds  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  ec2\$1metadata\$1service\$1endpoint  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  ec2\$1metadata\$1service\$1endpoint\$1mode  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  ec2\$1metadata\$1v1\$1disabled  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  endpoint\$1discovery\$1enabled  | [Endpoint discovery](feature-endpoint-discovery.md)  | 
|  endpoint\$1url  | [Service-specific endpoints](feature-ss-endpoints.md)  | 
|  external\$1id  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  ignore\$1configured\$1endpoint\$1urls  | [Service-specific endpoints](feature-ss-endpoints.md)  | 
|  max\$1attempts  | [Retry behavior](feature-retry-behavior.md)  | 
|  metadata\$1service\$1num\$1attempts  | [Amazon EC2 instance metadata](feature-ec2-instance-metadata.md)  | 
|  metadata\$1service\$1timeout  | [Amazon EC2 instance metadata](feature-ec2-instance-metadata.md)  | 
|  mfa\$1serial  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  output  | [General configuration settings](feature-gen-config.md)  | 
|  parameter\$1validation  | [General configuration settings](feature-gen-config.md)  | 
|  region  | [Amazon Web Services Region](feature-region.md)  | 
|  request\$1checksum\$1calculation  | [Data Integrity Protections for Amazon S3](feature-dataintegrity.md)  | 
|  request\$1min\$1compression\$1size\$1bytes  | [Request compression](feature-compression.md)  | 
|  response\$1checksum\$1validation  | [Data Integrity Protections for Amazon S3](feature-dataintegrity.md)  | 
|  retry\$1mode  | [Retry behavior](feature-retry-behavior.md)  | 
|  role\$1arn  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  role\$1session\$1name  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  s3\$1disable\$1express\$1session\$1auth  | [S3 Express One Zone session authentication](feature-s3-express.md)  | 
|  s3\$1disable\$1multiregion\$1access\$1points  | [Amazon S3 Multi-Region Access Points](feature-s3-mrap.md)  | 
|  s3\$1use\$1arn\$1region  | [Amazon S3 access points](feature-s3-access-point.md)  | 
|  sdk\$1ua\$1app\$1id  | [Application ID](feature-appid.md)  | 
|  sigv4a\$1signing\$1region\$1set  | [Authentication scheme](feature-auth-scheme.md)  | 
|  source\$1profile  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  sso\$1account\$1id  | [IAM Identity Center credential provider](feature-sso-credentials.md)  | 
|  sso\$1region  | [IAM Identity Center credential provider](feature-sso-credentials.md)  | 
|  sso\$1registration\$1scopes  | [IAM Identity Center credential provider](feature-sso-credentials.md)  | 
|  sso\$1role\$1name  | [IAM Identity Center credential provider](feature-sso-credentials.md)  | 
|  sso\$1start\$1url  | [IAM Identity Center credential provider](feature-sso-credentials.md)  | 
|  sts\$1regional\$1endpoints  | [Amazon STS Regional endpoints](feature-sts-regionalized-endpoints.md)  | 
|  use\$1dualstack\$1endpoint  | [Dual-stack and FIPS endpoints](feature-endpoints.md)  | 
|  use\$1fips\$1endpoint  | [Dual-stack and FIPS endpoints](feature-endpoints.md)  | 
|  web\$1identity\$1token\$1file  | [Assume role credential provider](feature-assume-role-credentials.md)  | 

## `Credentials` file settings list
<a name="CredFileSettings"></a>

The settings listed in the following table can be assigned in the shared Amazon `credentials` file. They are global and affect all Amazon Web Services services. SDKs and tools may also support unique settings and environment variables. To see the settings and environment variables supported by only an individual SDK or tool, see that specific SDK or tool guide.


| Setting name | Details | 
| --- | --- | 
|  aws\$1access\$1key\$1id  | [Amazon access keys](feature-static-credentials.md)  | 
|  aws\$1secret\$1access\$1key  | [Amazon access keys](feature-static-credentials.md)  | 
|  aws\$1session\$1token  | [Amazon access keys](feature-static-credentials.md)  | 

## Environment variables list
<a name="EVarSettings"></a>

Environment variables supported by most SDKs are listed in the following table. They are global and affect all Amazon Web Services services. SDKs and tools may also support unique settings and environment variables. To see the settings and environment variables supported by only an individual SDK or tool, see that specific SDK or tool guide.


| Setting name | Details | 
| --- | --- | 
|  AWS\$1ACCESS\$1KEY\$1ID  | [Amazon access keys](feature-static-credentials.md)  | 
|  AWS\$1ACCOUNT\$1ID  | [Account-based endpoints](feature-account-endpoints.md)  | 
|  AWS\$1ACCOUNT\$1ID\$1ENDPOINT\$1MODE  | [Account-based endpoints](feature-account-endpoints.md)  | 
|  AWS\$1AUTH\$1SCHEME\$1PREFERENCE  | [Authentication scheme](feature-auth-scheme.md)  | 
|  AWS\$1CA\$1BUNDLE  | [General configuration settings](feature-gen-config.md)  | 
|  AWS\$1CONFIG\$1FILE  | [Finding and changing the location of the shared `config` and `credentials` files of Amazon SDKs and tools](file-location.md)  | 
|  AWS\$1CONTAINER\$1AUTHORIZATION\$1TOKEN  | [Container credential provider](feature-container-credentials.md)  | 
|  AWS\$1CONTAINER\$1AUTHORIZATION\$1TOKEN\$1FILE  | [Container credential provider](feature-container-credentials.md)  | 
|  AWS\$1CONTAINER\$1CREDENTIALS\$1FULL\$1URI  | [Container credential provider](feature-container-credentials.md)  | 
|  AWS\$1CONTAINER\$1CREDENTIALS\$1RELATIVE\$1URI  | [Container credential provider](feature-container-credentials.md)  | 
|  AWS\$1DEFAULTS\$1MODE  | [Smart configuration defaults](feature-smart-config-defaults.md)  | 
|  AWS\$1DISABLE\$1HOST\$1PREFIX\$1INJECTION  | [Host prefix injection](feature-host-prefix.md)  | 
|  AWS\$1DISABLE\$1REQUEST\$1COMPRESSION  | [Request compression](feature-compression.md)  | 
|  AWS\$1EC2\$1METADATA\$1DISABLED  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  AWS\$1EC2\$1METADATA\$1SERVICE\$1ENDPOINT  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  AWS\$1EC2\$1METADATA\$1SERVICE\$1ENDPOINT\$1MODE  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  AWS\$1EC2\$1METADATA\$1V1\$1DISABLED  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  AWS\$1ENABLE\$1ENDPOINT\$1DISCOVERY  | [Endpoint discovery](feature-endpoint-discovery.md)  | 
|  AWS\$1ENDPOINT\$1URL  | [Service-specific endpoints](feature-ss-endpoints.md)  | 
|  AWS\$1ENDPOINT\$1URL\$1<SERVICE>  | [Service-specific endpoints](feature-ss-endpoints.md)  | 
|  AWS\$1IGNORE\$1CONFIGURED\$1ENDPOINT\$1URLS  | [Service-specific endpoints](feature-ss-endpoints.md)  | 
|  AWS\$1MAX\$1ATTEMPTS  | [Retry behavior](feature-retry-behavior.md)  | 
|  AWS\$1METADATA\$1SERVICE\$1NUM\$1ATTEMPTS  | [Amazon EC2 instance metadata](feature-ec2-instance-metadata.md)  | 
|  AWS\$1METADATA\$1SERVICE\$1TIMEOUT  | [Amazon EC2 instance metadata](feature-ec2-instance-metadata.md)  | 
|  AWS\$1PROFILE  | [Using shared `config` and `credentials` files to globally configure Amazon SDKs and tools](file-format.md)  | 
|  AWS\$1REGION  | [Amazon Web Services Region](feature-region.md)  | 
|  AWS\$1REQUEST\$1CHECKSUM\$1CALCULATION  | [Data Integrity Protections for Amazon S3](feature-dataintegrity.md)  | 
|  AWS\$1REQUEST\$1MIN\$1COMPRESSION\$1SIZE\$1BYTES  | [Request compression](feature-compression.md)  | 
|  AWS\$1RESPONSE\$1CHECKSUM\$1VALIDATION  | [Data Integrity Protections for Amazon S3](feature-dataintegrity.md)  | 
|  AWS\$1RETRY\$1MODE  | [Retry behavior](feature-retry-behavior.md)  | 
|  AWS\$1ROLE\$1ARN  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  AWS\$1ROLE\$1SESSION\$1NAME  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  AWS\$1S3\$1DISABLE\$1EXPRESS\$1SESSION\$1AUTH  | [S3 Express One Zone session authentication](feature-s3-express.md)  | 
|  AWS\$1S3\$1DISABLE\$1MULTIREGION\$1ACCESS\$1POINTS  | [Amazon S3 Multi-Region Access Points](feature-s3-mrap.md)  | 
|  AWS\$1S3\$1USE\$1ARN\$1REGION  | [Amazon S3 access points](feature-s3-access-point.md)  | 
|  AWS\$1SDK\$1UA\$1APP\$1ID  | [Application ID](feature-appid.md)  | 
|  AWS\$1SECRET\$1ACCESS\$1KEY  | [Amazon access keys](feature-static-credentials.md)  | 
|  AWS\$1SESSION\$1TOKEN  | [Amazon access keys](feature-static-credentials.md)  | 
|  AWS\$1SHARED\$1CREDENTIALS\$1FILE  | [Finding and changing the location of the shared `config` and `credentials` files of Amazon SDKs and tools](file-location.md)  | 
|  AWS\$1SIGV4A\$1SIGNING\$1REGION\$1SET  | [Authentication scheme](feature-auth-scheme.md)  | 
|  AWS\$1STS\$1REGIONAL\$1ENDPOINTS  | [Amazon STS Regional endpoints](feature-sts-regionalized-endpoints.md)  | 
|  AWS\$1USE\$1DUALSTACK\$1ENDPOINT  | [Dual-stack and FIPS endpoints](feature-endpoints.md)  | 
|  AWS\$1USE\$1FIPS\$1ENDPOINT  | [Dual-stack and FIPS endpoints](feature-endpoints.md)  | 
|  AWS\$1WEB\$1IDENTITY\$1TOKEN\$1FILE  | [Assume role credential provider](feature-assume-role-credentials.md)  | 

## JVM system properties list
<a name="JVMSettings"></a>

You can use the following JVM system properties for the Amazon SDK for Java and the Amazon SDK for Kotlin (targeting the JVM). See [How to set JVM system properties](jvm-system-properties.md#jvm-sys-props-set) for instructions on how to set JVM system properties.


| Setting name | Details | 
| --- | --- | 
|  aws.accessKeyId  | [Amazon access keys](feature-static-credentials.md)  | 
|  aws.accountId  | [Account-based endpoints](feature-account-endpoints.md)  | 
|  aws.accountIdEndpointMode  | [Account-based endpoints](feature-account-endpoints.md)  | 
|  aws.authSchemePreference  | [Authentication scheme](feature-auth-scheme.md)  | 
|  aws.configFile  | [Finding and changing the location of the shared `config` and `credentials` files of Amazon SDKs and tools](file-location.md)  | 
|  aws.defaultsMode  | [Smart configuration defaults](feature-smart-config-defaults.md)  | 
|  aws.disableEc2MetadataV1  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  aws.disableHostPrefixInjection  | [Host prefix injection](feature-host-prefix.md)  | 
|  aws.disableRequestCompression  | [Request compression](feature-compression.md)  | 
|  aws.disableS3ExpressAuth  | [S3 Express One Zone session authentication](feature-s3-express.md)  | 
|  aws.ec2MetadataServiceEndpoint  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  aws.ec2MetadataServiceEndpointMode  | [IMDS credential provider](feature-imds-credentials.md)  | 
|  aws.endpointDiscoveryEnabled  | [Endpoint discovery](feature-endpoint-discovery.md)  | 
|  aws.endpointUrl  | [Service-specific endpoints](feature-ss-endpoints.md)  | 
|  aws.endpointUrl<ServiceName>  | [Service-specific endpoints](feature-ss-endpoints.md)  | 
|  aws.ignoreConfiguredEndpointUrls  | [Service-specific endpoints](feature-ss-endpoints.md)  | 
|  aws.maxAttempts  | [Retry behavior](feature-retry-behavior.md)  | 
|  aws.profile  | [Using shared `config` and `credentials` files to globally configure Amazon SDKs and tools](file-format.md)  | 
|  aws.region  | [Amazon Web Services Region](feature-region.md)  | 
|  aws.requestChecksumCalculation  | [Data Integrity Protections for Amazon S3](feature-dataintegrity.md)  | 
|  aws.requestMinCompressionSizeBytes  | [Request compression](feature-compression.md)  | 
|  aws.responseChecksumValidation  | [Data Integrity Protections for Amazon S3](feature-dataintegrity.md)  | 
|  aws.retryMode  | [Retry behavior](feature-retry-behavior.md)  | 
|  aws.roleArn  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  aws.roleSessionName  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  aws.s3DisableMultiRegionAccessPoints  | [Amazon S3 Multi-Region Access Points](feature-s3-mrap.md)  | 
|  aws.s3UseArnRegion  | [Amazon S3 access points](feature-s3-access-point.md)  | 
|  aws.secretAccessKey  | [Amazon access keys](feature-static-credentials.md)  | 
|  aws.sessionToken  | [Amazon access keys](feature-static-credentials.md)  | 
|  aws.sharedCredentialsFile  | [Finding and changing the location of the shared `config` and `credentials` files of Amazon SDKs and tools](file-location.md)  | 
|  aws.useDualstackEndpoint  | [Dual-stack and FIPS endpoints](feature-endpoints.md)  | 
|  aws.useFipsEndpoint  | [Dual-stack and FIPS endpoints](feature-endpoints.md)  | 
|  aws.webIdentityTokenFile  | [Assume role credential provider](feature-assume-role-credentials.md)  | 
|  sdk.ua.appId  | [Application ID](feature-appid.md)  |