Authenticating with AWS using AWS SDK for Rust - AWS SDK for Rust
More authentication information

Authenticating with AWS using AWS SDK for Rust

You must establish how your code authenticates with AWS when developing with AWS services. You can configure programmatic access to AWS resources in different ways depending on the environment and the AWS access available to you.

To choose your method of authentication and configure it for the SDK, see Authentication and access in the AWS SDKs and Tools Reference Guide.

We recommend that new users who are developing locally and are not given a method of authentication by their employer should set up AWS IAM Identity Center. This method includes installing the AWS CLI for ease of configuration and for regularly signing in to the AWS access portal.

If you choose this method, complete the procedure for Login for AWS local development using console credentials in the AWS SDKs and Tools Reference Guide. Afterwards, your environment should contain the following elements:

  • The AWS CLI, which you use to start an AWS access portal session before you run your application.

  • A shared AWSconfig file having a [default] profile with a set of configuration values that can be referenced from the SDK. To find the location of this file, see Location of the shared files in the AWS SDKs and Tools Reference Guide.

  • The shared config file sets the region setting. This sets the default AWS Region that the SDK uses for AWS requests. This Region is used for SDK service requests that aren't specified with a Region to use.

  • The SDK uses the profile’s Login credential provider configuration to acquire credentials before sending requests to AWS. The login_session value, which stores the identity of the management console session that you selected during the login workflow, allows access to the AWS services used in your application.

    The following sample config file shows a default profile set up with Login credentials provider configuration console session selected during the login workflow. The profile's login_session setting refers to the named console session selected during the workflow:

    [default]
login_session = arn:aws:iam::0123456789012:user/username
region = us-east-1
    Note

    You must enable the credentials-login feature of the aws-config crate to make use of this credential provider.

More authentication information

Human users, also known as human identities, are the people, administrators, developers, operators, and consumers of your applications. They must have an identity to access your AWS environments and applications. Human users that are members of your organization - that means you, the developer - are known as workforce identities.

Use temporary credentials when accessing AWS. You can use an identity provider for your human users to provide federated access to AWS accounts by assuming roles, which provide temporary credentials. For centralized access management, we recommend that you use AWS IAM Identity Center (IAM Identity Center) to manage access to your accounts and permissions within those accounts. For more alternatives, see the following: