Skip to content

Commit

Permalink
Merge pull request #74 from aws/sts-readme-fix
Browse files Browse the repository at this point in the history
Update README to explain when to use default credentials
  • Loading branch information
grsubramanian authored Jul 11, 2022
2 parents 6fc8f34 + 62f5899 commit 5e2cb95
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,10 @@ The Default Credential Provider Chain must contain the permissions necessary to
For example, if the client is an EC2 instance, its instance profile should have permission to assume the
`msk_client_role`.

### Figuring out whether or not to use default credentials

When you want the MSK client to connect to MSK using credentials not found in the [AWS Default Credentials Provider Chain][DefaultCreds], you can specify an `awsProfileName` containing the credential profile to use, or an `awsRoleArn` to indicate an IAM Role’s ARN to assume using credentials in the Default Credential Provider Chain. These parameters are optional, and if they are not set the MSK client will use credentials from the Default Credential Provider Chain. There is no need to specify them if you intend to use an IAM role associated with an AWS compute service, such as EC2 or ECS to authenticate to MSK.

### Retries while getting credentials
In some scenarios the IAM credentials might be transiently unavailable. This will cause the connection to fail, which
might in some cases cause the client application to stop.
Expand Down

0 comments on commit 5e2cb95

Please sign in to comment.