in src/Amazon.Common.DotNetCli.Tools/Commands/BaseCommand.cs [215:269]
protected AWSCredentials DetermineAWSCredentials()
{
if(this._resolvedCredentials != null)
{
return this._resolvedCredentials;
}
if (this.Credentials != null)
{
this._resolvedCredentials = this.Credentials;
}
else
{
var awsAccessKeyId = GetStringValueOrDefault(this.AWSAccessKeyId, CommonDefinedCommandOptions.ARGUMENT_AWS_ACCESS_KEY_ID, false);
var profile = this.GetStringValueOrDefault(this.Profile, CommonDefinedCommandOptions.ARGUMENT_AWS_PROFILE, false);
if(!string.IsNullOrEmpty(awsAccessKeyId))
{
var awsSecretKey = GetStringValueOrDefault(this.AWSSecretKey, CommonDefinedCommandOptions.ARGUMENT_AWS_SECRET_KEY, false);
var awsSessionToken = GetStringValueOrDefault(this.AWSSessionToken, CommonDefinedCommandOptions.ARGUMENT_AWS_SESSION_TOKEN, false);
if (string.IsNullOrEmpty(awsSecretKey))
throw new ToolsException("An AWS access key id was specified without a required AWS secret key. Either set an AWS secret key or remove the AWS access key id and use profiles for credentials.", ToolsException.CommonErrorCode.InvalidCredentialConfiguration);
if(string.IsNullOrEmpty(awsSessionToken))
{
this._resolvedCredentials = new BasicAWSCredentials(awsAccessKeyId, awsSecretKey);
}
else
{
this._resolvedCredentials = new SessionAWSCredentials(awsAccessKeyId, awsSecretKey, awsSessionToken);
}
}
else if (!string.IsNullOrEmpty(profile))
{
var chain = new CredentialProfileStoreChain(this.ProfileLocation);
if (!chain.TryGetAWSCredentials(profile, out this._resolvedCredentials))
{
this._resolvedCredentials = FallbackCredentialsFactory.GetCredentials();
}
}
else
{
this._resolvedCredentials = FallbackCredentialsFactory.GetCredentials();
}
if(this._resolvedCredentials is AssumeRoleAWSCredentials)
{
var assumeOptions = ((AssumeRoleAWSCredentials)this._resolvedCredentials).Options;
assumeOptions.MfaTokenCodeCallback = new AssumeRoleMfaTokenCodeCallback(assumeOptions).Execute;
}
}
return this._resolvedCredentials;
}