This vignette gives guidance on how to manage AWS auth within
sixtyfour
.
paws auth
We use the package paws to
interact with AWS. paws
also handles the authentication.
paws
looks for credentials in a few different places, in
the following order:
- “Settings” (aka: function inputs) provided to individual AWS services paws service settings
- Environment variables paws supported env vars
- You can set the three most important environment variables within R
for the current R session like:
Sys.setenv(AWS_ACCESS_KEY_ID = "", AWS_SECRET_ACCESS_KEY = "", AWS_REGION = "us-west-2")
. Or set them in a variety of ways to be available across R sessions. See the [R Startup chapter][r-startup] of What They Forgot to Teach You About R book for more details.
- The default location for the AWS shared credentials file is
~/.aws/credentials
. Look there to see if you have this set. - The default location for the AWS config file is
~/.aws/config
- An EC2 instance or IAM role
sixtyfour
intializes R6 classes that are the object
behind a paws
service (e.g., for S3), and during the
initialization it attempts to gather credentials following the above
order.
sixtyfour
does not provide any mechanism directly in the
package to modify what credentials are used. However, following the
paws
docs linked above you can modify what credentials are
used by adjusting what credentials you have set.
Some users may have more than one set of credentials - the next
section digs into how to approach making sure sixtyfour
is
using the credentials you want to be using.
Note that the first option above - passing credentials directly as
function parameters - we do not use in sixtyfour
so that
we’re not encouraging secrets being directly put into code where those
secrets may show up in public.
For many different auth scenarios see the paws credentials docs.
Setting credentials
It probably makes the most sense to manage your AWS credentials using only one of the above methods. However, you may need to use a combination depending on your needs.
There are various ways to set credentials. Most often - as the paws docs
spell out - you will tell paws
what creds to use via
environment variables. You can do that in various ways:
- You can already have env vars exported globally on your system, and then R will pick those up
- Start R with an env var set just for that R session, for example:
AWS_REGION=us-east-1 R
, then when you loadpaws
it will use that env var - You can set env vars within an R session, either globally for the
session or perhaps with for exmaple
withr::with_envvar
, setting a certain set of AWS creds for just the duration of the call block passed in towith_envvar
.