Configuring the AWS Go SDK with Role Profiles

The AWS Go SDK configuration docs don’t provide an example of how to configure your code to use a role-based profile (that gets its keys from another profile) from your credentials file. It took me a few minutes to figure this out, so I’m posting this here in case someone else searches for it; maybe I can save you the time :)


If your ~/.aws/credentials file contains profiles that just specify a role, where they then use the source_profile attribute to point to the profile that actually has the AWS access and secret keys, it’s not immediately obvious how to configure this in the Go SDK. Here’s what I mean specifically, in terms of what you might have in your credentials file:

Notice how there is an “orgaccount” profile that contains the keys, and two other profiles that reference that one for their keys. This type of configuration is typical when using an AWS organization, where you create IAM users, the accounts in your org actually contain your resources, and you use a role to switch to those accounts. With the Go SDK, it’s not as obvious how you specify such a profile.
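To make the source_profile relationship concrete, here is an added example (not code from the original post, and not the SDK's own implementation) that parses a credentials file with only the Go standard library and follows each role profile back to the profile holding the long-lived keys. Only the "orgaccount" name comes from the article; the other profile names, role ARNs and key values are constructed placeholders, and parseProfiles and resolveChain are hypothetical helper names.

```go
package main
import (
	"fmt"
	"strings"
)

// Constructed sample: only "orgaccount" is from the article; other names, ARNs and keys are placeholders.
const sampleCredentials = `[orgaccount]
aws_access_key_id = AKIAEXAMPLEPLACEHOLDER
aws_secret_access_key = placeholder-secret
[dev-role]
role_arn = arn:aws:iam::111111111111:role/ExampleRole
source_profile = orgaccount
[prod-role]
role_arn = arn:aws:iam::222222222222:role/ExampleRole
source_profile = orgaccount`

// parseProfiles reads INI-style text into profile name -> settings.
func parseProfiles(text string) map[string]map[string]string {
	profiles, current := map[string]map[string]string{}, ""
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			current = line[1 : len(line)-1]
			profiles[current] = map[string]string{}
		} else if kv := strings.SplitN(line, "=", 2); len(kv) == 2 && current != "" {
			profiles[current][strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	return profiles
}

// resolveChain follows source_profile links until a profile with keys is found.
func resolveChain(profiles map[string]map[string]string, name string) ([]string, error) {
	chain, seen := []string{}, map[string]bool{}
	for name != "" {
		p, ok := profiles[name]
		if !ok || seen[name] {
			return chain, fmt.Errorf("profile %q is missing or repeats (cycle)", name)
		}
		chain, seen[name] = append(chain, name), true
		if p["aws_access_key_id"] != "" {
			return chain, nil
		}
		name = p["source_profile"]
	}
	return chain, fmt.Errorf("chain %v ends without access keys", chain)
}
func main() {
	fmt.Println(resolveChain(parseProfiles(sampleCredentials), "dev-role"))
}
```

Running the same resolution over a real credentials file shows which stored access key every role profile ultimately depends on, which is useful when rotating or retiring that key.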

Compare this to, say, Python, where you can simply name the profile and it figures it out, e.g.:

In Go, it’s not very different, but you would do this:

The key piece here is setting that SharedConfigState option. Hope this can save someone else a few minutes.
