new configuration support for IMDSConfig

Add ClientConfiguration support for IMDS settings and update related classes

Fix: Shared pointer bug in AWSCredentialsProvider

allocator mismatch bug fix, change type using c_str()

new configuration support for IMDSConfig

Add ClientConfiguration support for IMDS settings and update related classes

Fix: Shared pointer bug in AWSCredentialsProvider

allocator mismatch bug fix, change type using c_str()

Fix shared pointer bug and update IMDS config structure

- Fix std::stol compilation error with Aws::String by using .c_str()
- Update IMDS configuration to use credentialProviderConfig.imdsConfig structure
- Add proper environment variable support for AWS_METADATA_SERVICE_TIMEOUT and AWS_METADATA_SERVICE_NUM_ATTEMPTS

Update IMDS configuration and credentials provider

fix: Remove duplicate IMDS config struct and fix comment syntax

feat: Add IMDS configuration support to credential provider chain

- Add CredentialProviderConfiguration struct with IMDS timeout and retry settings
- Add constructor to DefaultAWSCredentialsProviderChain accepting CredentialProviderConfiguration
- Add constructor to InstanceProfileCredentialsProvider accepting CredentialProviderConfiguration
- Add constructor to EC2InstanceProfileConfigLoader accepting CredentialProviderConfiguration
- Add constructor to EC2MetadataClient accepting CredentialProviderConfiguration with IMDS timeout/retry configuration
- Enable IMDS configuration to flow through: CredentialProviderConfiguration → InstanceProfileCredentialsProvider → EC2InstanceProfileConfigLoader → EC2MetadataClient
- Reduce object creation redundancy by passing configuration directly through the chain

fix disableImdsvV1 member

added new include

feat: Add IMDS configuration support for AWS_METADATA_SERVICE_TIMEOUT

Add support for AWS_METADATA_SERVICE_TIMEOUT and AWS_METADATA_SERVICE_NUM_ATTEMPTS
environment variables and config file settings to configure IMDS client behavior.

- Add imdsConfig struct to ClientConfiguration.credentialProviderConfig
- Support AWS_METADATA_SERVICE_TIMEOUT env var and metadata_service_timeout config
- Support AWS_METADATA_SERVICE_NUM_ATTEMPTS env var and metadata_service_num_attempts config
- Add InstanceProfileCredentialsProvider constructor accepting ClientConfiguration
- Add EC2InstanceProfileConfigLoader constructor accepting CredentialProviderConfiguration
- Update EC2MetadataClient to use configured timeout and retry values
- Use StringUtils::ConvertToInt32 for parsing instead of std::stol

Resolves customer request for configurable IMDS timeout settings.

fixed snake case

removed m_disableIMDSV1 and comment

recreated retry strategy during client configuration

updated forward declaration

fixed nip

Author: kai-ion

src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentialsProvider.h

@@ -22,6 +22,10 @@
 
 namespace Aws
 {
+    namespace Client
+    {
+        struct ClientConfiguration;
+    }
     namespace Auth
     {
         constexpr int REFRESH_THRESHOLD = 1000 * 60 * 5;
@@ -212,6 +216,11 @@ namespace Aws
              */
             InstanceProfileCredentialsProvider(const std::shared_ptr<Aws::Config::EC2InstanceProfileConfigLoader>&, long refreshRateMs = REFRESH_THRESHOLD);
 
+            /**
+             * Initializes the provider using ClientConfiguration for IMDS settings.
+             */
+            InstanceProfileCredentialsProvider(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialProviderConfig, long refreshRateMs = REFRESH_THRESHOLD);
+
             /**
             * Retrieves the credentials if found, otherwise returns empty credential set.
             */

src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h

@@ -492,6 +492,21 @@ namespace Aws
             * AWS profile name to use for credentials.
             */
             Aws::String profile;
+
+            /**
+             * IMDS configuration settings
+             */
+            struct {
+              /**
+               * Number of total attempts to make when retrieving data from IMDS. Default 1.
+               */
+              long metadataServiceNumAttempts = 1;
+              
+              /**
+               * Timeout in seconds when retrieving data from IMDS. Default 1.
+               */
+              long metadataServiceTimeout = 1;
+            } imdsConfig;
           }credentialProviderConfig;
         };
 

src/aws-cpp-sdk-core/include/aws/core/config/EC2InstanceProfileConfigLoader.h

@@ -6,7 +6,7 @@
 #pragma once
 
 #include <aws/core/config/AWSProfileConfigLoaderBase.h>
-
+#include <aws/core/client/ClientConfiguration.h>
 #include <aws/core/utils/memory/stl/AWSString.h>
 #include <aws/core/utils/memory/stl/AWSMap.h>
 #include <aws/core/utils/DateTime.h>
@@ -34,6 +34,11 @@ namespace Aws
              */
             EC2InstanceProfileConfigLoader(const std::shared_ptr<Aws::Internal::EC2MetadataClient>& = nullptr);
 
+            /**
+             * Creates EC2MetadataClient using the provided CredentialProviderConfiguration.
+             */
+            EC2InstanceProfileConfigLoader(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialConfig);
+
             virtual ~EC2InstanceProfileConfigLoader() = default;
 
         protected:

src/aws-cpp-sdk-core/include/aws/core/internal/AWSHttpResourceClient.h

@@ -103,6 +103,7 @@ namespace Aws
              */
             EC2MetadataClient(const char* endpoint = "http://169.254.169.254");
             EC2MetadataClient(const Client::ClientConfiguration& clientConfiguration, const char* endpoint = "http://169.254.169.254");
+            EC2MetadataClient(const Client::ClientConfiguration::CredentialProviderConfiguration& credentialConfig, const char* endpoint = "http://169.254.169.254");
 
             EC2MetadataClient& operator =(const EC2MetadataClient& rhs) = delete;
             EC2MetadataClient(const EC2MetadataClient& rhs) = delete;

src/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp

@@ -7,6 +7,7 @@
 #include <aws/core/auth/AWSCredentialsProvider.h>
 
 #include <aws/core/config/AWSProfileConfigLoader.h>
+#include <aws/core/client/ClientConfiguration.h>
 #include <aws/core/platform/Environment.h>
 #include <aws/core/platform/FileSystem.h>
 #include <aws/core/platform/OSVersionInfo.h>
@@ -242,6 +243,12 @@ InstanceProfileCredentialsProvider::InstanceProfileCredentialsProvider(const std
     AWS_LOGSTREAM_INFO(INSTANCE_LOG_TAG, "Creating Instance with injected EC2MetadataClient and refresh rate " << refreshRateMs);
 }
 
+InstanceProfileCredentialsProvider::InstanceProfileCredentialsProvider(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialConfig, long refreshRateMs) :
+    m_ec2MetadataConfigLoader(Aws::MakeShared<Aws::Config::EC2InstanceProfileConfigLoader>(INSTANCE_LOG_TAG, credentialConfig)),
+    m_loadFrequencyMs(refreshRateMs)
+{
+    AWS_LOGSTREAM_INFO(INSTANCE_LOG_TAG, "Creating Instance with IMDS timeout: " << credentialConfig.imdsConfig.metadataServiceTimeout << "s, attempts: " << credentialConfig.imdsConfig.metadataServiceNumAttempts);
+}
 
 AWSCredentials InstanceProfileCredentialsProvider::GetAWSCredentials()
 {

src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp

@@ -6,6 +6,7 @@
 #include <aws/core/auth/AWSCredentialsProviderChain.h>
 #include <aws/core/auth/STSCredentialsProvider.h>
 #include <aws/core/auth/SSOCredentialsProvider.h>
+#include <aws/core/client/ClientConfiguration.h>
 #include <aws/core/platform/Environment.h>
 #include <aws/core/utils/memory/AWSMemory.h>
 #include <aws/core/utils/StringUtils.h>
@@ -125,7 +126,7 @@ DefaultAWSCredentialsProviderChain::DefaultAWSCredentialsProviderChain(const Aws
     }
     else if (Aws::Utils::StringUtils::ToLower(ec2MetadataDisabled.c_str()) != "true")
     {
-        AddProvider(Aws::MakeShared<InstanceProfileCredentialsProvider>(DefaultCredentialsProviderChainTag));
+        AddProvider(Aws::MakeShared<InstanceProfileCredentialsProvider>(DefaultCredentialsProviderChainTag, config));
         AWS_LOGSTREAM_INFO(DefaultCredentialsProviderChainTag, "Added EC2 metadata service credentials provider to the provider chain.");
     }
 }

src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp

@@ -41,6 +41,10 @@ static const char* DISABLE_IMDSV1_CONFIG_VAR = "AWS_EC2_METADATA_V1_DISABLED";
 static const char* DISABLE_IMDSV1_ENV_VAR = "ec2_metadata_v1_disabled";
 static const char* AWS_ACCOUNT_ID_ENDPOINT_MODE_ENVIRONMENT_VARIABLE = "AWS_ACCOUNT_ID_ENDPOINT_MODE";
 static const char* AWS_ACCOUNT_ID_ENDPOINT_MODE_CONFIG_FILE_OPTION = "account_id_endpoint_mode";
+static const char* AWS_METADATA_SERVICE_TIMEOUT_ENV_VAR = "AWS_METADATA_SERVICE_TIMEOUT";
+static const char* AWS_METADATA_SERVICE_TIMEOUT_CONFIG_VAR = "metadata_service_timeout";
+static const char* AWS_METADATA_SERVICE_NUM_ATTEMPTS_ENV_VAR = "AWS_METADATA_SERVICE_NUM_ATTEMPTS";
+static const char* AWS_METADATA_SERVICE_NUM_ATTEMPTS_CONFIG_VAR = "metadata_service_num_attempts";
 
 using RequestChecksumConfigurationEnumMapping = std::pair<const char*, RequestChecksumCalculation>;
 static const std::array<RequestChecksumConfigurationEnumMapping, 2> REQUEST_CHECKSUM_CONFIG_MAPPING = {{
@@ -288,6 +292,33 @@ void setConfigFromEnvOrProfile(ClientConfiguration &config)
         AWS_ACCOUNT_ID_ENDPOINT_MODE_CONFIG_FILE_OPTION,
         {"required", "disabled", "preferred"}, /* allowed values */
         "preferred" /* default value */);
+    
+    // Load IMDS configuration from environment variables and config file
+    Aws::String timeoutStr = ClientConfiguration::LoadConfigFromEnvOrProfile(AWS_METADATA_SERVICE_TIMEOUT_ENV_VAR,
+        config.profileName,
+        AWS_METADATA_SERVICE_TIMEOUT_CONFIG_VAR,
+        {}, /* allowed values */
+        "1" /* default value */);
+
+    // Load IMDS configuration from environment variables and config file
+    Aws::String numAttemptsStr = ClientConfiguration::LoadConfigFromEnvOrProfile(AWS_METADATA_SERVICE_NUM_ATTEMPTS_ENV_VAR,
+        config.profileName,
+        AWS_METADATA_SERVICE_NUM_ATTEMPTS_CONFIG_VAR,
+        {}, /* allowed values */
+        "1" /* default value */);
+
+    // Parse and set IMDS timeout
+    long timeout = static_cast<long>(Aws::Utils::StringUtils::ConvertToInt32(timeoutStr.c_str()));
+    config.credentialProviderConfig.imdsConfig.metadataServiceTimeout = timeout;
+
+    // Parse and set IMDS num attempts
+    long attempts = static_cast<long>(Aws::Utils::StringUtils::ConvertToInt32(numAttemptsStr.c_str()));
+    config.credentialProviderConfig.imdsConfig.metadataServiceNumAttempts = attempts;
+
+    // Ensure retry strategy is set using factory pattern
+    if (!config.retryStrategy) {
+        config.retryStrategy = config.configFactories.retryStrategyCreateFn();
+    }
 }
 
 ClientConfiguration::ClientConfiguration()

src/aws-cpp-sdk-core/source/config/EC2InstanceProfileConfigLoader.cpp

@@ -6,6 +6,7 @@
 #include <aws/core/config/AWSProfileConfigLoader.h>
 #include <aws/core/internal/AWSHttpResourceClient.h>
 #include <aws/core/auth/AWSCredentialsProvider.h>
+#include <aws/core/client/ClientConfiguration.h>
 #include <aws/core/utils/memory/stl/AWSList.h>
 #include <aws/core/utils/logging/LogMacros.h>
 #include <aws/core/utils/json/JsonSerializer.h>
@@ -37,6 +38,10 @@ namespace Aws
                 m_ec2metadataClient = client;
             }
         }
+        
+        EC2InstanceProfileConfigLoader::EC2InstanceProfileConfigLoader(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialConfig)
+            : m_ec2metadataClient(Aws::MakeShared<Aws::Internal::EC2MetadataClient>(EC2_INSTANCE_PROFILE_LOG_TAG, credentialConfig))
+        {}
 
         bool EC2InstanceProfileConfigLoader::LoadInternal()
         {

src/aws-cpp-sdk-core/source/internal/AWSHttpResourceClient.cpp

@@ -82,15 +82,14 @@ namespace Aws
         AWSHttpResourceClient::AWSHttpResourceClient(const Aws::Client::ClientConfiguration& clientConfiguration, const char* logtag)
         : m_logtag(logtag),
           m_userAgent(Aws::Client::ComputeUserAgentString(&clientConfiguration)),
-          m_retryStrategy(clientConfiguration.retryStrategy ? clientConfiguration.retryStrategy : clientConfiguration.configFactories.retryStrategyCreateFn()),
+          m_retryStrategy(clientConfiguration.retryStrategy),
           m_httpClient(nullptr)
         {
             AWS_LOGSTREAM_INFO(m_logtag.c_str(),
                                "Creating AWSHttpResourceClient with max connections "
                                 << clientConfiguration.maxConnections
                                 << " and scheme "
                                 << SchemeMapper::ToString(clientConfiguration.scheme));
-
             m_httpClient = CreateHttpClient(clientConfiguration);
         }
 
@@ -208,6 +207,28 @@ namespace Aws
 #endif
         }
 
+        EC2MetadataClient::EC2MetadataClient(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialConfig,
+                                             const char* endpoint)
+            : AWSHttpResourceClient(
+                  [&credentialConfig]() -> ClientConfiguration{
+                    Aws::Client::ClientConfiguration clientConfig;
+                    clientConfig.credentialProviderConfig = credentialConfig;
+                    clientConfig.connectTimeoutMs = credentialConfig.imdsConfig.metadataServiceTimeout * 1000;
+                    clientConfig.requestTimeoutMs = credentialConfig.imdsConfig.metadataServiceTimeout * 1000;
+                    clientConfig.retryStrategy = Aws::MakeShared<DefaultRetryStrategy>(
+                        RESOURCE_CLIENT_CONFIGURATION_ALLOCATION_TAG, credentialConfig.imdsConfig.metadataServiceNumAttempts - 1, 1000);
+                    return clientConfig;
+                  }(),
+                  EC2_METADATA_CLIENT_LOG_TAG),
+              m_endpoint(endpoint),
+              m_disableIMDS(false),
+              m_tokenRequired(true) {
+#if defined(DISABLE_IMDSV1)
+          m_disableIMDSV1 = true;
+          AWS_LOGSTREAM_TRACE(m_logtag.c_str(), "IMDSv1 had been disabled at the SDK build time");
+#endif
+        }
+
         EC2MetadataClient::~EC2MetadataClient()
         {