aws-core

Kind	kit
Categories	cloud web
Keywords	aws amazon cloud authentication sigv4

AWS core library - credentials, signing, and shared utilities

Files

File	Description
`kit.toml`	Package manifest with metadata and dependencies
`src/aws.kit`	AWS Signature V4 signing, credentials, and regions
`tests/aws-core.test.kit`	Tests for credentials, regions, signing, and URL encoding
`LICENSE`	MIT license file

Dependencies

crypto

Installation

kit add gitlab.com/kit-lang/packages/kit-aws-core.git

Usage

import Kit.AwsCore

License

MIT License - see LICENSE for details.

Exported Functions & Types

`AWSError`

AWS error type with specific variants for different failure modes.

Variants

AWSCredentialError {message}

Credential-related error (missing or invalid credentials).

AWSRegionError {message}

Region-related error (missing or invalid region configuration).

`credentials`

Create AWS credentials explicitly from access key and secret key

Use this when you have credentials hardcoded or loaded from a custom source. For temporary credentials, use credentials-with-token instead.

Parameters:

access-key-id - String - AWS access key ID
secret-access-key - String - AWS secret access key

Returns: Credentials - Credentials object with empty session token

String -> String -> Credentials

creds = AWS.credentials "AKIAIOSFODNN7EXAMPLE" "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

`credentials-with-token`

Create AWS credentials with session token for temporary credentials

Use this for temporary credentials obtained from AWS STS, IAM roles, or federated access.

Parameters:

access-key-id - String - AWS access key ID
secret-access-key - String - AWS secret access key
session-token - String - Session token for temporary credentials

Returns: Credentials - Credentials object with session token

String -> String -> String -> Credentials

creds = AWS.credentials-with-token access-key secret-key session-token

`credentials-from-env`

Load AWS credentials from environment variables

Looks for the following environment variables: - AWS_ACCESS_KEY_ID (required) - AWS_SECRET_ACCESS_KEY (required) - AWS_SESSION_TOKEN (optional, for temporary credentials)

Returns: Result Credentials String - Ok with credentials if found, Err if not

Errors: Returns Err if AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY are not set

() -> Result Credentials AWSError

match AWS.credentials-from-env()
  | Ok creds -> use-credentials creds
  | Err err -> print "Error: ${err}"

`us-east-1`

Pre-configured AWS region: US East (N. Virginia)

`us-east-2`

Pre-configured AWS region: US East (Ohio)

`us-west-1`

Pre-configured AWS region: US West (N. California)

`us-west-2`

Pre-configured AWS region: US West (Oregon)

`eu-west-1`

Pre-configured AWS region: Europe (Ireland)

`eu-west-2`

Pre-configured AWS region: Europe (London)

`eu-central-1`

Pre-configured AWS region: Europe (Frankfurt)

`ap-northeast-1`

Pre-configured AWS region: Asia Pacific (Tokyo)

`ap-southeast-1`

Pre-configured AWS region: Asia Pacific (Singapore)

`ap-southeast-2`

Pre-configured AWS region: Asia Pacific (Sydney)

`region`

Create a custom AWS region configuration

Use this for regions not pre-defined above or for newer AWS regions.

Parameters:

name - String - AWS region name (e.g., "us-east-1", "eu-central-1")

Returns: Region - Region configuration with standard amazonaws.com endpoint

String -> Region

region = AWS.region "ap-south-1"

`region-with-endpoint`

Create a region with custom endpoint for S3-compatible services

Use this for LocalStack, MinIO, Wasabi, or other S3-compatible services.

Parameters:

name - String - Region name (can be arbitrary for non-AWS services)
endpoint - String - Custom endpoint domain (e.g., "localhost:4566" for LocalStack)

Returns: Region - Region configuration with custom endpoint

String -> String -> Region

# LocalStack
region = AWS.region-with-endpoint "us-east-1" "localhost:4566"

# MinIO
region = AWS.region-with-endpoint "us-east-1" "localhost:9000"

`region-from-env`

Load AWS region from environment variables

Looks for the following environment variables in order: 1. AWS_REGION 2. AWS_DEFAULT_REGION

Returns: Result Region String - Ok with region if found, Err if not

Errors: Returns Err if neither AWS_REGION nor AWS_DEFAULT_REGION are set

() -> Result Region AWSError

match AWS.region-from-env()
  | Ok region -> use-region region
  | Err err -> print "Error: ${err}"

`sign-request`

Sign a request using AWS Signature Version 4. Returns a SignedRequest with Authorization header added.

Credentials -> Region -> String -> String -> String -> List (String, String) -> String -> Result SignedRequest AWSError

`execute`

Execute a signed request.

SignedRequest -> Result String String

`url-encode`

URL encode a string (for paths and query params).

String -> String