new configuration support for IMDSConfig

cai lin · kai-ion · commit 35b7c3aec429 · 2025-07-25T15:35:16.000Z
Add ClientConfiguration support for IMDS settings and update related classes

Fix: Shared pointer bug in AWSCredentialsProvider

allocator mismatch bug fix, change type using c_str()

new configuration support for IMDSConfig

Add ClientConfiguration support for IMDS settings and update related classes

Fix: Shared pointer bug in AWSCredentialsProvider

allocator mismatch bug fix, change type using c_str()

Fix shared pointer bug and update IMDS config structure

- Fix std::stol compilation error with Aws::String by using .c_str()
- Update IMDS configuration to use credentialProviderConfig.imdsConfig structure
- Add proper environment variable support for AWS_METADATA_SERVICE_TIMEOUT and AWS_METADATA_SERVICE_NUM_ATTEMPTS

Update IMDS configuration and credentials provider
diff --git a/src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentialsProvider.h b/src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentialsProvider.h
@@ -22,6 +22,10 @@
 
 namespace Aws
 {
+    namespace Client
+    {
+        struct ClientConfiguration;
+    }
     namespace Auth
     {
         constexpr int REFRESH_THRESHOLD = 1000 * 60 * 5;
@@ -212,6 +216,11 @@ namespace Aws
              */
             InstanceProfileCredentialsProvider(const std::shared_ptr<Aws::Config::EC2InstanceProfileConfigLoader>&, long refreshRateMs = REFRESH_THRESHOLD);
 
+            /**
+             * Initializes the provider using ClientConfiguration for IMDS settings.
+             */
+            InstanceProfileCredentialsProvider(const Aws::Client::ClientConfiguration& clientConfig, long refreshRateMs = REFRESH_THRESHOLD);
+
             /**
             * Retrieves the credentials if found, otherwise returns empty credential set.
             */
diff --git a/src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h b/src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h
@@ -440,7 +440,22 @@ namespace Aws
                */
               ResponseChecksumValidation responseChecksumValidation = ResponseChecksumValidation::WHEN_SUPPORTED;
             } checksumConfig;
-
+            
+            /**
+             * IMDS configuration settings
+             */
+            struct {
+              /**
+               * Number of total attempts to make when retrieving data from IMDS. Default 1.
+               */
+              long metadata_service_num_attempts = 1;
+              
+              /**
+               * Timeout in seconds when retrieving data from IMDS. Default 1.
+               */
+              long metadata_service_timeout = 1;
+            } imdsConfig;
+            
             /**
              * A helper function to read config value from env variable or aws profile config
              */
@@ -458,7 +473,7 @@ namespace Aws
              * Configuration that is specifically used for the windows http client
              */
             struct WinHTTPOptions {
-              /**
+              /**`
                * Sets the windows http client to use WINHTTP_NO_CLIENT_CERT_CONTEXT when connecting
                * to a service, specifically only useful when disabling ssl verification and using
                * a different type of authentication.
@@ -492,6 +507,21 @@ namespace Aws
             * AWS profile name to use for credentials.
             */
             Aws::String profile;
+
+            /**
+             * IMDS configuration settings
+             */
+            struct {
+              /**
+               * Number of total attempts to make when retrieving data from IMDS. Default 1.
+               */
+              long metadataServiceNumAttempts = 1;
+              
+              /**
+               * Timeout in seconds when retrieving data from IMDS. Default 1.
+               */
+              long metadataServiceTimeout = 1;
+            } imdsConfig;
           }credentialProviderConfig;
         };
 
diff --git a/src/aws-cpp-sdk-core/include/aws/core/config/EC2InstanceProfileConfigLoader.h b/src/aws-cpp-sdk-core/include/aws/core/config/EC2InstanceProfileConfigLoader.h
@@ -19,6 +19,11 @@ namespace Aws
         class EC2MetadataClient;
     }
 
+    namespace Client
+    {
+        struct ClientConfiguration;
+    }
+
     namespace Config
     {
         static const char* const INSTANCE_PROFILE_KEY = "InstanceProfile";
@@ -33,7 +38,12 @@ namespace Aws
              * If client is nullptr, the default EC2MetadataClient will be created.
              */
             EC2InstanceProfileConfigLoader(const std::shared_ptr<Aws::Internal::EC2MetadataClient>& = nullptr);
-
+            
+            /**
+             * Creates EC2MetadataClient using the provided ClientConfiguration.
+             */
+            EC2InstanceProfileConfigLoader(const Aws::Client::ClientConfiguration& clientConfig);
+            
             virtual ~EC2InstanceProfileConfigLoader() = default;
 
         protected:
diff --git a/src/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp
@@ -7,6 +7,7 @@
 #include <aws/core/auth/AWSCredentialsProvider.h>
 
 #include <aws/core/config/AWSProfileConfigLoader.h>
+#include <aws/core/client/ClientConfiguration.h>
 #include <aws/core/platform/Environment.h>
 #include <aws/core/platform/FileSystem.h>
 #include <aws/core/platform/OSVersionInfo.h>
@@ -242,6 +243,12 @@ InstanceProfileCredentialsProvider::InstanceProfileCredentialsProvider(const std
     AWS_LOGSTREAM_INFO(INSTANCE_LOG_TAG, "Creating Instance with injected EC2MetadataClient and refresh rate " << refreshRateMs);
 }
 
+InstanceProfileCredentialsProvider::InstanceProfileCredentialsProvider(const Aws::Client::ClientConfiguration& clientConfig, long refreshRateMs) :
+    m_ec2MetadataConfigLoader(Aws::MakeShared<Aws::Config::EC2InstanceProfileConfigLoader>(INSTANCE_LOG_TAG, clientConfig)),
+    m_loadFrequencyMs(refreshRateMs)
+{
+    AWS_LOGSTREAM_INFO(INSTANCE_LOG_TAG, "Creating Instance with IMDS timeout: " << clientConfig.credentialProviderConfig.imdsConfig.metadataServiceTimeout << "s, attempts: " << clientConfig.credentialProviderConfig.imdsConfig.metadataServiceNumAttempts);
+}
 
 AWSCredentials InstanceProfileCredentialsProvider::GetAWSCredentials()
 {
diff --git a/src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp b/src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp
@@ -41,6 +41,10 @@ static const char* DISABLE_IMDSV1_CONFIG_VAR = "AWS_EC2_METADATA_V1_DISABLED";
 static const char* DISABLE_IMDSV1_ENV_VAR = "ec2_metadata_v1_disabled";
 static const char* AWS_ACCOUNT_ID_ENDPOINT_MODE_ENVIRONMENT_VARIABLE = "AWS_ACCOUNT_ID_ENDPOINT_MODE";
 static const char* AWS_ACCOUNT_ID_ENDPOINT_MODE_CONFIG_FILE_OPTION = "account_id_endpoint_mode";
+static const char* AWS_METADATA_SERVICE_TIMEOUT_ENV_VAR = "AWS_METADATA_SERVICE_TIMEOUT";
+static const char* AWS_METADATA_SERVICE_TIMEOUT_CONFIG_VAR = "metadata_service_timeout";
+static const char* AWS_METADATA_SERVICE_NUM_ATTEMPTS_ENV_VAR = "AWS_METADATA_SERVICE_NUM_ATTEMPTS";
+static const char* AWS_METADATA_SERVICE_NUM_ATTEMPTS_CONFIG_VAR = "metadata_service_num_attempts";
 
 using RequestChecksumConfigurationEnumMapping = std::pair<const char*, RequestChecksumCalculation>;
 static const std::array<RequestChecksumConfigurationEnumMapping, 2> REQUEST_CHECKSUM_CONFIG_MAPPING = {{
@@ -288,6 +292,31 @@ void setConfigFromEnvOrProfile(ClientConfiguration &config)
         AWS_ACCOUNT_ID_ENDPOINT_MODE_CONFIG_FILE_OPTION,
         {"required", "disabled", "preferred"}, /* allowed values */
         "preferred" /* default value */);
+    
+    // Load IMDS configuration from environment variables and config file
+    Aws::String timeoutStr = ClientConfiguration::LoadConfigFromEnvOrProfile(AWS_METADATA_SERVICE_TIMEOUT_ENV_VAR,
+        config.profileName,
+        AWS_METADATA_SERVICE_TIMEOUT_CONFIG_VAR,
+        {}, /* allowed values */
+        "1" /* default value */);
+
+    // Load IMDS configuration from environment variables and config file
+    Aws::String numAttemptsStr = ClientConfiguration::LoadConfigFromEnvOrProfile(AWS_METADATA_SERVICE_NUM_ATTEMPTS_ENV_VAR,
+        config.profileName,
+        AWS_METADATA_SERVICE_NUM_ATTEMPTS_CONFIG_VAR,
+        {}, /* allowed values */
+        "1" /* default value */);
+
+    // Parse and set IMDS num attempts
+    long attempts = std::stol(numAttemptsStr.c_str());
+    if (attempts >= 1) {
+        config.credentialProviderConfig.imdsConfig.metadataServiceNumAttempts = attempts;
+    }
+    // Parse and set IMDS timeout
+    long timeout = std::stol(timeoutStr.c_str());
+    if (timeout >= 1) {
+        config.credentialProviderConfig.imdsConfig.metadataServiceTimeout = timeout;
+    }
 }
 
 ClientConfiguration::ClientConfiguration()
diff --git a/src/aws-cpp-sdk-core/source/config/EC2InstanceProfileConfigLoader.cpp b/src/aws-cpp-sdk-core/source/config/EC2InstanceProfileConfigLoader.cpp
@@ -6,6 +6,7 @@
 #include <aws/core/config/AWSProfileConfigLoader.h>
 #include <aws/core/internal/AWSHttpResourceClient.h>
 #include <aws/core/auth/AWSCredentialsProvider.h>
+#include <aws/core/client/ClientConfiguration.h>
 #include <aws/core/utils/memory/stl/AWSList.h>
 #include <aws/core/utils/logging/LogMacros.h>
 #include <aws/core/utils/json/JsonSerializer.h>
@@ -37,6 +38,9 @@ namespace Aws
                 m_ec2metadataClient = client;
             }
         }
+        EC2InstanceProfileConfigLoader::EC2InstanceProfileConfigLoader(const Aws::Client::ClientConfiguration& clientConfig)
+            : m_ec2metadataClient(Aws::MakeShared<Aws::Internal::EC2MetadataClient>(EC2_INSTANCE_PROFILE_LOG_TAG, clientConfig)) 
+        {}
 
         bool EC2InstanceProfileConfigLoader::LoadInternal()
         {

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`#include <aws/core/config/AWSProfileConfigLoader.h>`
`7`	`7`	`#include <aws/core/internal/AWSHttpResourceClient.h>`
`8`	`8`	`#include <aws/core/auth/AWSCredentialsProvider.h>`
	`9`	`+#include <aws/core/client/ClientConfiguration.h>`
`9`	`10`	`#include <aws/core/utils/memory/stl/AWSList.h>`
`10`	`11`	`#include <aws/core/utils/logging/LogMacros.h>`
`11`	`12`	`#include <aws/core/utils/json/JsonSerializer.h>`
`@@ -37,6 +38,9 @@ namespace Aws`
`37`	`38`	`m_ec2metadataClient = client;`
`38`	`39`	`}`
`39`	`40`	`}`
	`41`	`+ EC2InstanceProfileConfigLoader::EC2InstanceProfileConfigLoader(const Aws::Client::ClientConfiguration& clientConfig)`
	`42`	`+ : m_ec2metadataClient(Aws::MakeShared<Aws::Internal::EC2MetadataClient>(EC2_INSTANCE_PROFILE_LOG_TAG, clientConfig))`
	`43`	`+ {}`
`40`	`44`
`41`	`45`	`bool EC2InstanceProfileConfigLoader::LoadInternal()`
`42`	`46`	`{`