aws-sdk-core 2.0.0.rc6 → 2.0.0.rc7

data/apis/source/sts-2011-06-15.json

@@ -8,7 +8,7 @@
   "global_endpoint": "sts.amazonaws.com",
   "endpoint_prefix": "sts",
   "xmlnamespace": "https://sts.amazonaws.com/doc/2011-06-15/",
-  "documentation": "\n\t\t<fullname>AWS Security Token Service</fullname>\n\n\t\t<p> The AWS Security Token Service (AWS STS) is a web service that enables you to request temporary,\n\t\t\tlimited-privilege credentials for AWS Identity and Access Management (AWS IAM) users or for users that you authenticate\n\t\t\t(federated users). This guide provides descriptions of the AWS STS API. For more detailed\n\t\t\tinformation about using this service, go to <a href=\"http://docs.aws.amazon.com/IAM/latest/UsingSTS/Welcome.html\" target=\"_blank\">Using\n\t\t\t\tTemporary Security Credentials</a>. </p>\n\n\t\t<note> As an alternative to using the API, you can use one of the AWS SDKs, which consist of\n\t\t\tlibraries and sample code for various programming languages and platforms (Java, Ruby, .NET,\n\t\t\tiOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to\n\t\t\tAWS STS. For example, the SDKs take care of cryptographically signing requests, managing\n\t\t\terrors, and retrying requests automatically. For information about the AWS SDKs, including how\n\t\t\tto download and install them, see the <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon\n\t\t\t\tWeb Services page</a>. </note>\n\n\t\t<p> For information about setting up signatures and authorization through the API, go to <a href=\"http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html\" target=\"_blank\">Signing AWS API Requests</a> in the <i>AWS General Reference</i>. For\n\t\t\tgeneral information about the Query API, go to <a href=\"http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html\" target=\"_blank\">Making Query Requests</a> in <i>Using IAM</i>. For information about using\n\t\t\tsecurity tokens with other AWS products, go to <a href=\"http://docs.aws.amazon.com/IAM/latest/UsingSTS/UsingTokens.html\">Using Temporary\n\t\t\t\tSecurity Credentials to Access AWS</a> in <i>Using Temporary Security Credentials</i>. </p>\n\n\t\t<p> If you're new to AWS and need additional technical information about a specific AWS product,\n\t\t\tyou can find the product's technical documentation at <a href=\"http://aws.amazon.com/documentation/\" target=\"_blank\">http://aws.amazon.com/documentation/</a>. </p>\n\n\t\t<p><b>Endpoints</b></p>\n\t\t<p>For information about AWS STS endpoints, see <a href=\"http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region\" target=\"_blank\">Regions and Endpoints</a> in the <i>AWS General Reference</i>.</p>\n\n\t\t<p><b>Recording API requests</b></p>\n\t\t<p>AWS STS supports AWS CloudTrail, which is a service that records AWS calls for your AWS account and delivers \n\t\t\tlog files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine what \n\t\t\trequests were successfully made to AWS STS, who made the request, when it was made, and so on. To learn more about \n\t\t\tCloudTrail, including how to turn it on and find your log files, see the \n\t\t\t<a href=\"http://docs.aws.amazon.com/awscloudtrail/latest/userguide/whatisawscloudtrail.html\">AWS CloudTrail User Guide</a>.</p>\n\n\n\t",
+  "documentation": "\n\t\t<fullname>AWS Security Token Service</fullname>\n\n\t\t<p> The AWS Security Token Service (AWS STS) is a web service that enables you to request temporary,\n\t\t\tlimited-privilege credentials for AWS Identity and Access Management (AWS IAM) users or for users that you authenticate\n\t\t\t(federated users). This guide provides descriptions of the AWS STS API. For more detailed\n\t\t\tinformation about using this service, go to <a href=\"http://docs.aws.amazon.com/IAM/latest/UsingSTS/Welcome.html\" target=\"_blank\">Using\n\t\t\t\tTemporary Security Credentials</a>. </p>\n\n\t\t<note> As an alternative to using the API, you can use one of the AWS SDKs, which consist of\n\t\t\tlibraries and sample code for various programming languages and platforms (Java, Ruby, .NET,\n\t\t\tiOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to\n\t\t\tAWS STS. For example, the SDKs take care of cryptographically signing requests, managing\n\t\t\terrors, and retrying requests automatically. For information about the AWS SDKs, including how\n\t\t\tto download and install them, see the <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon\n\t\t\t\tWeb Services page</a>. </note>\n\n\t\t<p> For information about setting up signatures and authorization through the API, go to <a href=\"http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html\" target=\"_blank\">Signing AWS API Requests</a> in the <i>AWS General Reference</i>. For\n\t\t\tgeneral information about the Query API, go to <a href=\"http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html\" target=\"_blank\">Making Query Requests</a> in <i>Using IAM</i>. For information about using\n\t\t\tsecurity tokens with other AWS products, go to <a href=\"http://docs.aws.amazon.com/IAM/latest/UsingSTS/UsingTokens.html\">Using Temporary\n\t\t\t\tSecurity Credentials to Access AWS</a> in <i>Using Temporary Security Credentials</i>. </p>\n\n\t\t<p> If you're new to AWS and need additional technical information about a specific AWS product,\n\t\t\tyou can find the product's technical documentation at <a href=\"http://aws.amazon.com/documentation/\" target=\"_blank\">http://aws.amazon.com/documentation/</a>. </p>\n\n\t\t<p>\n\t\t\t<b>Endpoints</b>\n\t\t</p>\n\t\t<p>For information about AWS STS endpoints, see <a href=\"http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region\" target=\"_blank\">Regions and Endpoints</a> in the <i>AWS General Reference</i>.</p>\n\t",
   "operations": {
     "AssumeRole": {
       "name": "AssumeRole",
@@ -55,6 +55,22 @@
             "max_length": 96,
             "pattern": "[\\w+=,.@:-]*",
             "documentation": "\n\t\t<p> A unique identifier that is used by third parties to assume a role in their customers'\n\t\t\taccounts. For each role that the third party can assume, they should instruct their customers\n\t\t\tto create a role with the external ID that the third party generated. Each time the third\n\t\t\tparty assumes the role, they must pass the customer's external ID. The external ID is useful\n\t\t\tin order to help third parties bind a role to the customer who created it. For more\n\t\t\tinformation about the external ID, see <a href=\"http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-delegating-externalid.html\" target=\"_blank\">About the External ID</a> in <i>Using Temporary Security Credentials</i>.\n\t\t</p>\n\t"
+          },
+          "SerialNumber": {
+            "shape_name": "serialNumberType",
+            "type": "string",
+            "min_length": 9,
+            "max_length": 256,
+            "pattern": "[\\w+=/:,.@-]*",
+            "documentation": null
+          },
+          "TokenCode": {
+            "shape_name": "tokenCodeType",
+            "type": "string",
+            "min_length": 6,
+            "max_length": 6,
+            "pattern": "[\\d]*",
+            "documentation": null
           }
         },
         "documentation": null
@@ -804,7 +820,7 @@
       "errors": [
 
       ],
-      "documentation": "\n\t\t<p> Returns a set of temporary credentials for an AWS account or IAM user. The credentials\n\t\t\tconsist of an access key ID, a secret access key, and a security token. Typically, you use\n\t\t\t\t<code>GetSessionToken</code> if you want use MFA to protect programmatic calls to specific\n\t\t\tAWS APIs like Amazon EC2 <code>StopInstances</code>. MFA-enabled IAM users would need to call\n\t\t\t\t<code>GetSessionToken</code> and submit an MFA code that is associated with their MFA\n\t\t\tdevice. Using the temporary security credentials that are returned from the call, IAM users\n\t\t\tcan then make programmatic calls to APIs that require MFA authentication. </p>\n\n\t\t<p> The <code>GetSessionToken</code> action must be called by using the long-term AWS security\n\t\t\tcredentials of the AWS account or an IAM user. Credentials that are created by IAM users are\n\t\t\tvalid for the duration that you specify, between 900 seconds (15 minutes) and 129600 seconds\n\t\t\t(36 hours); credentials that are created by using account credentials have a maximum duration\n\t\t\tof 3600 seconds (1 hour). </p>\n\t\t\n\t\t<p>The permissions associated with the temporary security credentials returned by <code>GetSessionToken</code>\n\t\t\tare based on the permissions associated with account or IAM user whose credentials are used to \n\t\t\tcall the action. If <code>GetSessionToken</code> is called using root account credentials, the\n\t\t\ttemporary credentials have root account permissions. Similarly, if <code>GetSessionToken</code>\n\t\t\tis called using the credentials of an IAM user, the temporary credentials have the same \n\t\t\tpermissions as the IAM user.\n\t\t</p>\n\t\t\n\t\t<p>For more information about using <code>GetSessionToken</code> to create temporary\n\t\t\tcredentials, go to <a href=\"http://docs.aws.amazon.com/IAM/latest/UserGuide/CreatingSessionTokens.html\" target=\"_blank\"> Creating Temporary Credentials to Enable Access for IAM Users </a> in\n\t\t\t\t<i>Using IAM</i>. \n\t\t</p>\n\n\t\t<examples>\n\t\t\t<queryrequest>\n\t\t\t\thttps://sts.amazonaws.com/\n?Version=2011-06-15\n&Action=GetSessionToken\n&DurationSeconds=3600\n&SerialNumber=YourMFADeviceSerialNumber\n&TokenCode=123456\n&AUTHPARAMS\n\t\t\t</queryrequest>\n\n\t\t\t<queryresponse>\n\t\t\t\t<GetSessionTokenResponse xmlns=\"https://sts.amazonaws.com/doc/2011-06-15/\">\n  <GetSessionTokenResult>\n    <Credentials>\n      <SessionToken>\n       AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/L\n       To6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3z\n       rkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtp\n       Z3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE\n      </SessionToken>\n      <SecretAccessKey>\n      wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY\n      </SecretAccessKey>\n      <Expiration>2011-07-11T19:55:29.611Z</Expiration>\n      <AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>\n    </Credentials>\n  </GetSessionTokenResult>\n  <ResponseMetadata>\n    <RequestId>58c5dbae-abef-11e0-8cfe-09039844ac7d</RequestId>\n  </ResponseMetadata>\n</GetSessionTokenResponse>\n\t\t\t</queryresponse>\n\t\t</examples>\n\t"
+      "documentation": "\n\t\t<p> Returns a set of temporary credentials for an AWS account or IAM user. The credentials\n\t\t\tconsist of an access key ID, a secret access key, and a security token. Typically, you use\n\t\t\t\t<code>GetSessionToken</code> if you want use MFA to protect programmatic calls to specific\n\t\t\tAWS APIs like Amazon EC2 <code>StopInstances</code>. MFA-enabled IAM users would need to call\n\t\t\t\t<code>GetSessionToken</code> and submit an MFA code that is associated with their MFA\n\t\t\tdevice. Using the temporary security credentials that are returned from the call, IAM users\n\t\t\tcan then make programmatic calls to APIs that require MFA authentication. </p>\n\n\t\t<p> The <code>GetSessionToken</code> action must be called by using the long-term AWS security\n\t\t\tcredentials of the AWS account or an IAM user. Credentials that are created by IAM users are\n\t\t\tvalid for the duration that you specify, between 900 seconds (15 minutes) and 129600 seconds\n\t\t\t(36 hours); credentials that are created by using account credentials have a maximum duration\n\t\t\tof 3600 seconds (1 hour). </p>\n\n\t\t<p>Optionally, you can pass an AWS IAM access policy to this operation. The temporary security credentials that \n\t\t\tare returned by the operation have the permissions that are associated with the entity that is making \n\t\t\tthe <code>GetSessionToken</code> call, except for any permissions explicitly denied by the policy you pass.\n\t\t\tThis gives you a way to further restrict the permissions for the resulting temporary security credentials. These policies and any \n\t\t\tapplicable resource-based policies are evaluated when calls to AWS are made using the temporary security credentials. \n\t\t</p>\n\t\t\n\t\t<p>For more information about using <code>GetSessionToken</code> to create temporary\n\t\t\tcredentials, go to <a href=\"http://docs.aws.amazon.com/IAM/latest/UserGuide/CreatingSessionTokens.html\" target=\"_blank\"> Creating Temporary Credentials to Enable Access for IAM Users </a> in\n\t\t\t\t<i>Using IAM</i>. \n\t\t</p>\n\n\t\t<examples>\n\t\t\t<queryrequest>\n\t\t\t\thttps://sts.amazonaws.com/\n?Version=2011-06-15\n&Action=GetSessionToken\n&DurationSeconds=3600\n&SerialNumber=YourMFADeviceSerialNumber\n&TokenCode=123456\n&AUTHPARAMS\n\t\t\t</queryrequest>\n\n\t\t\t<queryresponse>\n\t\t\t\t<GetSessionTokenResponse xmlns=\"https://sts.amazonaws.com/doc/2011-06-15/\">\n  <GetSessionTokenResult>\n    <Credentials>\n      <SessionToken>\n       AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/L\n       To6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3z\n       rkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtp\n       Z3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE\n      </SessionToken>\n      <SecretAccessKey>\n      wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY\n      </SecretAccessKey>\n      <Expiration>2011-07-11T19:55:29.611Z</Expiration>\n      <AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>\n    </Credentials>\n  </GetSessionTokenResult>\n  <ResponseMetadata>\n    <RequestId>58c5dbae-abef-11e0-8cfe-09039844ac7d</RequestId>\n  </ResponseMetadata>\n</GetSessionTokenResponse>\n\t\t\t</queryresponse>\n\t\t</examples>\n\t"
     }
   }
 }

data/bin/aws.rb

@@ -18,13 +18,13 @@ end
 
 # setup default options, check ENV for most
 options = {
-  :repl => env_bool('AWSRB', nil),
-  :log => env_bool('AWSRB_LOG', true),
-  :color => env_bool('AWSRB_COLOR', true),
-  :debug => env_bool('AWSRB_DEBUG', false),
-  :load_paths => [],
-  :require => [],
-  :execute => [],
+  repl: env_bool('AWSRB', nil),
+  log: env_bool('AWSRB_LOG', true),
+  color: env_bool('AWSRB_COLOR', true),
+  debug: env_bool('AWSRB_DEBUG', false),
+  load_paths: [],
+  require: [],
+  execute: [],
 }
 
 OptionParser.new do |opts|

data/doc-src/plugins/apis.rb

@@ -241,7 +241,7 @@ def document_svc_api_operation(svc_name, client, method_name, operation)
 #{documentor.api_ref(operation)}
 #{tabs}
 @param [Hash] params ({})
-@return [Seahorse::Client::Response]
+@return [PageableResponse]
 #{errors}
 DOCSTRING
 

data/features/cloudtrail/client.feature

@@ -0,0 +1,17 @@
+# language: en
+@cloudtrail @client
+Feature: AWS CloudTrail
+
+  Scenario: Making a basic request
+    When I call the "DescribeTrails" API
+    Then the response should contain a "trailList"
+
+  Scenario: Error handling
+    When I attempt to call the "CreateTrail" API with:
+    | Name         | example           |
+    | S3BucketName | not-my-bucket-123 |
+    Then I expect the response error code to be "S3BucketDoesNotExistException"
+    And I expect the response error message to include:
+    """
+    S3 bucket does not exist!
+    """

data/features/cloudtrail/step_definitions.rb

@@ -0,0 +1,6 @@
+Before("@cloudtrail") do
+  @cloudtrail = @client = Aws.cloudtrail
+end
+
+After("@cloudtrail") do
+end

data/features/datapipeline/client.feature

@@ -12,5 +12,5 @@ Feature: AWS Data Pipeline
     Then I expect the response error code to be "PipelineNotFoundException"
     And I expect the response error message to include:
     """
-    fake-id pipeline does not exist
+    does not exist
     """

data/lib/aws.rb

@@ -9,6 +9,7 @@ module Aws
   @config = {}
 
   autoload :Credentials, "#{SRC}/credentials"
+  autoload :CredentialProviderChain, "#{SRC}/credential_provider_chain"
   autoload :Errors, "#{SRC}/errors"
   autoload :ErrorHandler, "#{SRC}/error_handler"
   autoload :InstanceProfileCredentials, "#{SRC}/instance_profile_credentials"
@@ -16,6 +17,7 @@ module Aws
   autoload :RequestHandler, "#{SRC}/request_handler"
   autoload :ResponseHandler, "#{SRC}/response_handler"
   autoload :Service, "#{SRC}/service"
+  autoload :SharedCredentials, "#{SRC}/shared_credentials"
   autoload :Structure, "#{SRC}/structure"
   autoload :TimestampFormatter, "#{SRC}/timestamp_formatter"
   autoload :TreeHash, "#{SRC}/tree_hash"
@@ -64,7 +66,6 @@ module Aws
     autoload :GlacierApiVersion, "#{SRC}/plugins/glacier_api_version"
     autoload :GlacierChecksums, "#{SRC}/plugins/glacier_checksums"
     autoload :GlobalConfiguration, "#{SRC}/plugins/global_configuration"
-    autoload :InstanceProfileCredentials, "#{SRC}/plugins/instance_profile_credentials"
     autoload :JsonProtocol, "#{SRC}/plugins/json_protocol"
     autoload :JsonRpcHeaders, "#{SRC}/plugins/json_rpc_headers"
     autoload :QueryProtocol, "#{SRC}/plugins/query_protocol"
@@ -77,6 +78,7 @@ module Aws
     autoload :S3Md5s, "#{SRC}/plugins/s3_md5s"
     autoload :S3Redirects, "#{SRC}/plugins/s3_redirects"
     autoload :S3Signer, "#{SRC}/plugins/s3_signer"
+    autoload :S3LocationConstraint, "#{SRC}/plugins/s3_location_constraint"
     autoload :SignatureV2, "#{SRC}/plugins/signature_v2"
     autoload :SignatureV3, "#{SRC}/plugins/signature_v3"
     autoload :SignatureV4, "#{SRC}/plugins/signature_v4"
@@ -167,15 +169,29 @@ module Aws
     # @return [Class<Service>]
     def add_service(name, apis = [])
       svc_class = const_set(name, Service.define(name.downcase.to_sym, apis))
-      service_classes[svc_class.identifier] = svc_class
-      self.class.send(:define_method, svc_class.identifier) do |options = {}|
-        svc_class.new(options)
-      end
+      add_helper(svc_class.identifier, svc_class)
       svc_class
     end
 
     private
 
+    # Defines a `Aws.svcname` helper method.  This method accepts a hash
+    # of configuration options.
+    #
+    #    s3 = Aws.s3(http_wire_trace:true)
+    #    #=> Aws::S3::V20060301
+    #
+    #    s3.config.http_wire_trace
+    #    #=> true
+    #
+    def add_helper(method_name, svc_class)
+      service_classes[method_name] = svc_class
+      define_method(method_name) do |options = {}|
+        svc_class.new(options)
+      end
+      module_function(method_name)
+    end
+
     # @return Returns a hash of API paths grouped by their service class names.
     def bundled_apis
       Dir.glob(File.join(GEM_ROOT, 'apis', '*.json')).group_by do |path|

data/lib/aws/api/service_translators/s3.rb

@@ -6,6 +6,7 @@ module Aws::Api::ServiceTranslators::S3
       api.plugins << "Aws::Plugins::S3GetBucketLocationFix"
       api.plugins << "Aws::Plugins::S3Md5s"
       api.plugins << "Aws::Plugins::S3Redirects"
+      api.plugins << "Aws::Plugins::S3LocationConstraint"
     end
   end
 end

data/lib/aws/api/translator.rb

@@ -12,7 +12,6 @@ module Aws
         Aws::Plugins::RetryErrors
         Aws::Plugins::GlobalConfiguration
         Aws::Plugins::RegionalEndpoint
-        Aws::Plugins::InstanceProfileCredentials
         Aws::Plugins::ResponsePaging
         Aws::Plugins::Credentials
       )
@@ -150,7 +149,7 @@ module Aws
         end
         @properties['metadata'] ||= {}
         @properties['metadata']['endpoint_prefix'] = prefix
-        @properties['metadata']['regional_endpoints'] = regions unless regions.empty?
+        @properties['metadata']['regional_endpoints'] = Hash[regions.sort] unless regions.empty?
       end
 
       def set_operations(operations)

data/lib/aws/credential_provider_chain.rb

@@ -0,0 +1,62 @@
+module Aws
+  class CredentialProviderChain
+
+    def initialize(config, foo=nil)
+      @config = config
+      @foo = foo
+    end
+
+    def resolve
+      providers.each do |method_name, options={}|
+        credentials = send(method_name, options.merge(config: @config))
+        return credentials if credentials.set?
+      end
+      nil
+    end
+
+    private
+
+    def providers
+      [
+        [:static_credentials],
+        [:env_credentials, { prefix: 'AWS' }],
+        [:env_credentials, { prefix: 'AMAZON' }],
+        [:env_credentials, { key:'AWS_ACCESS_KEY', secret:'AWS_SECRET_KEY' }],
+        [:shared_credentials],
+        [:instance_profile_credentials],
+      ]
+    end
+
+    def static_credentials(options)
+      config = options[:config]
+      Credentials.new(
+        config.access_key_id,
+        config.secret_access_key,
+        config.session_token)
+    end
+
+    def env_credentials(options)
+      env_keys = []
+      if prefix = options[:prefix]
+        env_keys << "#{prefix}_ACCESS_KEY_ID"
+        env_keys << "#{prefix}_SECRET_ACCESS_KEY"
+        env_keys << "#{prefix}_SESSION_TOKEN"
+      else
+        env_keys << options[:key]
+        env_keys << options[:secret]
+      end
+      Credentials.new(*ENV.values_at(*env_keys))
+    end
+
+    def shared_credentials(options = {})
+      c = SharedCredentials.new(profile_name: options[:config].profile)
+      puts c.inspect if @foo
+      c
+    end
+
+    def instance_profile_credentials(*args)
+      InstanceProfileCredentials.new
+    end
+
+  end
+end

data/lib/aws/credentials.rb

@@ -22,7 +22,10 @@ module Aws
     # @return [Boolean] Returns `true` if the access key id and secret
     #   access key are both set.
     def set?
-      !!(access_key_id && secret_access_key)
+      !access_key_id.nil? &&
+      !access_key_id.empty? &&
+      !secret_access_key.nil? &&
+      !secret_access_key.empty?
     end
 
     # Removing the secret access key from the default inspect string.

data/lib/aws/errors.rb

@@ -30,6 +30,10 @@ module Aws
     # version is found based on configuration.
     class NoSuchApiVersionError < RuntimeError; end
 
+    # Raised when a {Service} is constructed and the specified shared
+    # credentials profile does not exist.
+    class NoSuchProfileError < RuntimeError; end
+
     # Raised when a {Service} is constructed and credentials are not
     # set, or the set credentials are empty.
     class MissingCredentialsError < RuntimeError; end

data/lib/aws/plugins/credentials.rb

@@ -1,47 +1,40 @@
 module Aws
   module Plugins
 
-    # @seahorse.client.option [String] :access_key_id Your AWS account
-    #   access key ID.  Defaults to `ENV['AWS_ACCESS_KEY']`.
-    #   Also checks `AWS_ACCESS_KEY_ID` and `AMAZON_ACCESS_KEY_ID`.
+    # @seahorse.client.option [required, Credentials] :credentials Your
+    #   AWS credentials.  The following locations will be searched in order
+    #   for credentials:
     #
-    # @seahorse.client.option [String] :secret_access_key Your AWS account
-    #   secret access key.  Defaults to `ENV['AWS_SECRET_KEY']`.
-    #   Also checks `AWS_SECRET_ACCESS_KEY` and `AMAZON_SECRET_ACCESS_KEY`.
+    #   * `:access_key_id`, `:secret_access_key`, and `:session_token` options
+    #   * ENV['AWS_ACCESS_KEY'], ENV['SECRET_ACCESS_KEY']
+    #   * `HOME/.aws/credentials` shared credentials file
+    #   * EC2 instance profile credentials
     #
-    # @seahorse.client.option [String] :session_token If your credentials
-    #   are temporary session credentials, this should be the
-    #   session token.  Defaults to `ENV['AWS_SESSION_TOKEN']`.
-    #   Also checks `AMAZON_SESSION_TOKEN`.
+    # @seahorse.client.option [String] :profile Used when loading credentials
+    #   from the shared credentials file at HOME/.aws/credentials.  When not
+    #   specified, 'default' is used.
     #
-    # @seahorse.client.option [Credentials] :credentials
-    #   Your AWS account credentials.  Defaults to a new {Credentials} object
-    #   populated by `:access_key_id`, `:secret_access_key` and
-    #   `:session_token`.
+    # @seahorse.client.option [String] :access_key_id Used to set credentials
+    #   statically.
+    #
+    # @seahorse.client.option [String] :secret_access_key_id Used to set
+    #   credentials statically.
+    #
+    # @seahorse.client.option [String] :session_token Used to set credentials
+    #   statically.
     #
     class Credentials < Seahorse::Client::Plugin
 
-      option(:access_key_id) {
-        keys = %w(AWS_ACCESS_KEY AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID)
-        ENV.values_at(*keys).compact.first
-      }
+      option(:access_key_id)
+
+      option(:secret_access_key)
 
-      option(:secret_access_key) {
-        keys = %w(AWS_SECRET_KEY AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY)
-        ENV.values_at(*keys).compact.first
-      }
+      option(:session_token)
 
-      option(:session_token) {
-        keys = %w(AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN)
-        ENV.values_at(*keys).compact.first
-      }
+      option(:profile)
 
       option(:credentials) do |config|
-        credentials = Aws::Credentials.new(
-          config.access_key_id,
-          config.secret_access_key,
-          config.session_token)
-        credentials.set? ? credentials : nil
+        CredentialProviderChain.new(config).resolve
       end
 
       def after_initialize(client)

data/lib/aws/plugins/s3_location_constraint.rb

@@ -0,0 +1,38 @@
+module Aws
+  module Plugins
+    class S3LocationConstraint < Seahorse::Client::Plugin
+
+      class Handler < Seahorse::Client::Handler
+
+        def call(context)
+
+          s3_endpoint = context.config.endpoint
+          s3_endpoint = s3_endpoint.host if s3_endpoint.respond_to?(:host)
+
+          region = context.config.region
+          create_bucket_params = context.params[:create_bucket_configuration]
+          location_constraint = nil
+
+          if create_bucket_params
+            location_constraint = create_bucket_params[:location_constraint]
+          end
+
+          unless s3_endpoint.match(/s3\.amazonaws\.com$/) || location_constraint
+            set_location_constraint(context, region)
+          end
+
+          @handler.call(context)
+        end
+
+        def set_location_constraint(context, region)
+          context.params[:create_bucket_configuration] ||= {}
+          context.params[:create_bucket_configuration][:location_constraint] = region
+        end
+
+      end
+
+      handler(Handler, step: :initialize, operations: [:create_bucket])
+
+    end
+  end
+end

data/lib/aws/shared_credentials.rb

@@ -0,0 +1,105 @@
+module Aws
+  class SharedCredentials < Credentials
+
+    # @api private
+    KEY_MAP = {
+      'aws_access_key_id' => 'access_key_id',
+      'aws_secret_access_key' => 'secret_access_key',
+      'aws_session_token' => 'session_token',
+    }
+
+    # Constructs a new SharedCredentials object. This will load AWS access
+    # credentials from an ini file, which supports profiles. The default
+    # profile name is 'default'. You can specify the profile name with the
+    # `ENV['AWS_PROFILE']` or with the `:profile_name` option.
+    #
+    # @option [String] :path Path to the shared file.  Defaults
+    #   to "#{Dir.home}/.aws/credentials".
+    #
+    # @option [String] :profile_name Defaults to 'default' or
+    #   `ENV['AWS_PROFILE']`.
+    #
+    def initialize(options = {})
+      @path = options[:path] || default_path
+      @profile_name = options[:profile_name]
+      @profile_name ||= ENV['AWS_PROFILE']
+      @profile_name ||= 'default'
+      load_from_path if loadable?
+    end
+
+    # @return [String]
+    attr_reader :path
+
+    # @return [String]
+    attr_reader :profile_name
+
+    # @api private
+    def inspect
+      parts = [
+        self.class.name,
+        "profile_name=#{profile_name.inspect}",
+        "path=#{path.inspect}",
+      ]
+      "#<#{parts.join(' ')}>"
+    end
+
+    # @return [Boolean] Returns `true` if a credential file
+    #   exists and has appropriate read permissions at {path}.
+    # @note This method does not indicate if the file found at {path}
+    #   will be parsable, only if it can be read.
+    def loadable?
+      !path.nil? && File.exists?(path) && File.readable?(path)
+    end
+
+    private
+
+    def default_path
+      File.join(Dir.home, '.aws', 'credentials')
+    rescue ArgumentError
+      # Dir.home raises ArgumentError when ENV['home'] is not set
+      nil
+    end
+
+    def load_from_path
+      profile = load_profile
+      KEY_MAP.each do |source, target|
+        if profile.key?(source)
+          instance_variable_set("@#{target}", profile[source])
+        end
+      end
+    end
+
+    def load_profile
+      if profile = profiles[profile_name]
+        profile
+      else
+        msg = "Profile `#{profile_name}' not found in #{path}"
+        raise Errors::NoSuchProfileError, msg
+      end
+    end
+
+    def profiles
+      ini_parse(File.read(path))
+    end
+
+    def ini_parse(file)
+      current_section = {}
+      map = {}
+      file.lines.each do |line|
+        line = line.split(/^|\s;/).first # remove comments
+        section = line.match(/^\s*\[([^\[\]]+)\]\s*$/) unless line.nil?
+        if section
+          current_section = section[1]
+        elsif current_section
+          item = line.match(/^\s*(.+?)\s*=\s*(.+)\s*$/) unless line.nil?
+          if item
+            map[current_section] = map[current_section] || {}
+            map[current_section][item[1]] = item[2]
+          end
+        end
+      end
+      map
+    end
+
+  end
+end