amazon-web-servicesrustaws-sdk-rust

How can I use hardcoded access key ID & secret key credentials when using the AWS SDK for Rust?


In Boto3 I could provide the access key explicitly:

dynamodb_client = boto3.resource("dynamodb",
                                 region_name=...,
                                 aws_access_key_id=...,
                                 aws_secret_access_key=...)

How can I achieve the same in Rust?

I only see a function that reads it from env (~/.aws/credentials):

let shared_config: SdkConfig = aws_config::load_from_env().await;

Solution

  • Standard caveat applies: please don't use hardcoded credentials unless absolutely necessary - it isn't secure.

    Use the aws-credential-types dependency with the hardcoded-credentials feature enabled. This will allow you to use the Credentials::from_keys method:

    /// Creates Credentials from hardcoded access key, secret key, and session token.

    use aws_credential_types::Credentials;
    
    // ...
    
    let access_key_id = "xxx";
    let secret_access_key = "yyy";
    
    let credentials = Credentials::from_keys(access_key_id, secret_access_key, None);
    

    Here is a complete yet minimal working Rust CLI app to demonstrate the above:

    // cargo.toml
    
    [package]
    name = "aws-sdk-for-rust-hardcoded-credentials-demo"
    version = "0.1.0"
    edition = "2021"
    
    [dependencies]
    aws-credential-types = { version = "1.1.1", features = ["hardcoded-credentials"] }
    aws-types = "1.1.1"
    aws-sdk-dynamodb = { version = "1.7.0", features = ["behavior-version-latest"] }
    tokio = { version = "1", features = ["full"] }
    
    // main.rs
    
    use aws_credential_types::Credentials;
    use aws_sdk_dynamodb::Config;
    use aws_types::region::Region;
    
    #[tokio::main]
    async fn main() {
        let access_key_id = "xxx";
        let secret_access_key = "yyy";
    
        let credentials = Credentials::from_keys(access_key_id, secret_access_key, None);
    
        let config = Config::builder()
            .credentials_provider(credentials)
            .region(Region::new("eu-west-1"))
            .build();
    
        let dynamodb_client = aws_sdk_dynamodb::Client::from_conf(config);
    
        let list_tables_response = dynamodb_client.list_tables().send().await.unwrap();
    
        if let Some(table_names) = list_tables_response.table_names {
            println!("DynamoDB tables: {:?}", table_names);
        } else {
            println!("No DynamoDB tables");
        }
    }