Re: [I] AWS S3 token expired on multi-threaded app with Arc usage [arrow-rs-object-store]

Mon, 09 Mar 2026 08:05:22 -0700 


sergey-safarov commented on issue #655:
URL: 
https://github.com/apache/arrow-rs-object-store/issues/655#issuecomment-4024429973

   Initial provide using construction
   ```rust
   /// AWS credentials and region loaded via [aws_defaults] (env → config files 
→ server metadata).
   #[derive(Clone, Debug, Default)]
   pub struct AwsDefaults {
           pub access_key_id: Option<String>,
           pub secret_access_key: Option<String>,
           pub session_token: Option<String>,
           pub region: Option<String>,
   }
   
   /// Loads AWS credentials and region using the default chain (env, then 
`~/.aws/credentials` and
   /// `~/.aws/config`, then server metadata / IMDS). Resolves credentials 
once; if resolution fails
   /// (e.g. no credentials anywhere), returns `None` for credential fields so 
the client can use
   /// server metadata at request time.
   pub async fn aws_defaults() -> AwsDefaults {
           let config = 
aws_config::load_defaults(BehaviorVersion::latest()).await;
   
           let region = config.region().map(|r| r.as_ref().to_string());
   
           let credentials = match config.credentials_provider() {
                   Some(p) => p.provide_credentials().await.ok(),
                   None => None,
           };
   
           match credentials {
                   Some(creds) => AwsDefaults {
                           access_key_id: 
Some(creds.access_key_id().to_string()),
                           secret_access_key: 
Some(creds.secret_access_key().to_string()),
                           session_token: creds.session_token().map(|s| 
s.to_string()),
                           region,
                   },
                   None => AwsDefaults {
                           access_key_id: None,
                           secret_access_key: None,
                           session_token: None,
                           region,
                   },
           }
   }
   ```
   This set initial creeds using data present on server if this present. Some 
time admin want override creds  provided via metadata and define environment 
vars.
   And if no creds set via environment vars then used metadata creds.
   For initial creds I use 
[`aws_config`](https://docs.rs/aws-config/latest/aws_config/) crate.
   
   Do I understand properly if initial creds is  provided then `obeject-store` 
do not not refresh tokens?
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to