From 2eee03e9756c67fd8f94ae129ede1fda72419091 Mon Sep 17 00:00:00 2001 From: Ryan Tam Date: Sat, 24 Jan 2026 11:46:09 +0000 Subject: [PATCH] docs: Make clear how to disable EC2MetadataInstanceProfileCredentialsProvider with `AWS_EC2_METADATA_DISABLED` env var A quick grep through the codebase[*] shows that `AWS_EC2_METADATA_DISABLED` is not a CMake style flag where (one of ON or OFF) is expected, instead it's an environment variable where only TRUE (case-insensitive) means it's active. Update docs to reflect that. [*] ``` > grep -r AWS_EC2_METADATA_DISABLED src src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp:static const char AWS_EC2_METADATA_DISABLED[] = "AWS_EC2_METADATA_DISABLED"; src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp: const auto ec2MetadataDisabled = Aws::Environment::GetEnv(AWS_EC2_METADATA_DISABLED); src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp: AWS_LOGSTREAM_DEBUG(DefaultCredentialsProviderChainTag, "The environment variable value " << AWS_EC2_METADATA_DISABLED src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp: const auto ec2MetadataDisabled = Aws::Environment::GetEnv(AWS_EC2_METADATA_DISABLED); src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp: AWS_LOGSTREAM_DEBUG(DefaultCredentialsProviderChainTag, "The environment variable value " << AWS_EC2_METADATA_DISABLED src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp: Aws::Utils::StringUtils::ToLower(Aws::Environment::GetEnv("AWS_EC2_METADATA_DISABLED").c_str()) != "true") src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp: Aws::Utils::StringUtils::ToLower(Aws::Environment::GetEnv("AWS_EC2_METADATA_DISABLED").c_str()) != "true") src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp: Aws::Utils::StringUtils::ToLower(Aws::Environment::GetEnv("AWS_EC2_METADATA_DISABLED").c_str()) != "true") { src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp: Aws::Utils::StringUtils::ToLower(Aws::Environment::GetEnv("AWS_EC2_METADATA_DISABLED").c_str()) != "true") src/aws-cpp-sdk-core/source/config/defaults/ClientConfigurationDefaults.cpp: Aws::Utils::StringUtils::ToLower(Aws::Environment::GetEnv("AWS_EC2_METADATA_DISABLED").c_str()) != "true") ``` --- docs/Credentials_Providers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Credentials_Providers.md b/docs/Credentials_Providers.md index 1efaa07a078..942421f98e7 100644 --- a/docs/Credentials_Providers.md +++ b/docs/Credentials_Providers.md @@ -8,7 +8,7 @@ The default credential provider chain does the following: 3. Contacts and logs in to a trusted identity provider (Cognito, Login with Amazon, Facebook, Google). The sdk looks for the login information to these providers either on the environment variables: AWS_ROLE_ARN, AWS_WEB_IDENTITY_TOKEN_FILE, AWS_ROLE_SESSION_NAME. Or on a profile in your $HOME/.aws/credentials. 4. Checks for an external method set as part of a profile on $HOME/.aws/config to generate or look up credentials that isn't directly supported by AWS. 5. Contacts the ECS TaskRoleCredentialsProvider service to request credentials if Environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI has been set. -6. Contacts the EC2MetadataInstanceProfileCredentialsProvider service to request credentials if AWS_EC2_METADATA_DISABLED is NOT set to ON. +6. Contacts the EC2MetadataInstanceProfileCredentialsProvider service to request credentials if the AWS_EC2_METADATA_DISABLED environment variable is NOT set to `true`. The simplest way to communicate with AWS is to ensure we can find your credentials in one of these locations.