Skip to main content

Credential Resolution

Credentials are automatically resolved by the SDK. The order of precedence when resolving credentials is:

  1. Static Credentials
  2. Environment Credentials
  3. AWS IAM Identity Center (Single Sign-On) Credentials
  4. Shared Credentials
  5. Instance Profile Credentials

Static Credentials

Credentials provided in code using AWS Options are "Static Credentials".

Environment Credentials

Environment credentials are provided via the environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN.

AWS IAM Identity Center (Single Sign-On) Credentials

If the current configured AWS profile specifies a Single Sign-On (SSO) source, credentials will be automatically resolved. Learn more in AWS IAM Identity Center.

Instance Profile Credentials

When running on an Elastic Compute Cloud (EC2) instance or inside an Elastic Container Service (ECS) instance, credentials will be automatically sourced from the instance profile.

Credential resolution on mobile platforms

For mobile platforms, Android and iOS, the only source for credentials are static credentials (whatever you configure using AWS Options). On mobile platforms it is more typical to use Amazon Cognito as an identity provider and credentials source. Amazon Cognito requires some setup and configuration so it is not automatic.