AWS SDK requires .aws credential keys to be lowered case (expectation: case insensitive)

[shahzadhuq]

Describe the bug

AWS SDK is unable to read locally AWS profile credentials (in .aws/credentials) if the keys are all upper case. It requires the keys to all lower case.

Successfully reads credentials

• aws_access_key_id= ...
• aws_secret_access_key= ...
• aws_session_token= ...

Fails silently

• AWS_ACCESS_KEY_ID= ...
• AWS_SECRET_ACCESS_KEY= ...
• AWS_SESSION_TOKEN= ...

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

AWS SDK should be case insensitive to the casing of the credentials keys in the .aws/credentials file.

Current Behavior

AWS SDK only supports (able to read) lowered case credentials keys in the .aws/credentials file.

Reproduction Steps

I used this code to figure out the key case sensitivity issue.
Try this code to test with all 1/ lowered case keys and then 2/ upper case keys.

// Credential validation method
void ValidateAwsCredentials()
{
    try 
    {
        // Attempt to load credentials from default profile
        var chain = new CredentialProfileStoreChain();
        if (chain.TryGetAWSCredentials("default", out var awsCredentials))
        {
            Console.WriteLine("Credentials successfully loaded from profile");

            // Create STS client to validate credentials
            using var stsClient = new AmazonSecurityTokenServiceClient(awsCredentials);
            
            // Get caller identity
            var request = new GetCallerIdentityRequest();
            var response = stsClient.GetCallerIdentityAsync(request).Result;

            Console.WriteLine($"Account: {response.Account}");
            Console.WriteLine($"User ID: {response.UserId}");
            Console.WriteLine($"ARN: {response.Arn}");
        }
        else
        {
            Console.WriteLine("Failed to load AWS credentials from default profile");
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine($"Credential Validation Error: {ex.Message}");
    }
}

Possible Solution

No response

Additional Information/Context

Commonly, we configure such credentials using 'aws configure' command which adds all lowered case keys.

I used IAM Role temp credentials. So, from the AWS console, I copied and pasted the generated key/value pairs - generated keys are all upper case. After updating the .aws/credential file with the upper case keys, the AWS logger stopped writing to the AWS CloudWatch. Only after changing keys to all lower case, AWS logger started to work.

AWS .NET SDK and/or Package version used

• net9.0
• AWS.Logger.AspNetCore, Version=3.5.3

Targeted .NET Platform

net9.0

Operating System and version

Ubuntu 24

[ashishdhingra]

Reproducible. When using non-lowercase key in ~/.aws/credentials file, it tries to get profile when invoking CredentialProfileStoreChain.TryGetAWSCredentials(). In the retrieved profile, the ProfileType is null, which fails check in AWSCredentialsFactory.GetAWSCredentialsInternal(). Hence no credentials are retrieved from profile in credentials file.

Similar issues:

• Java v2: Support for case insensitive properties in the aws credentials file aws-sdk-java-v2#5689.
• Rust: AWS credentials file keys should not be case sensitive awslabs/aws-sdk-rust#1020 (fixed via PR for smithy-rs repo)

Per https://en.wikipedia.org/wiki/INI_file#Case_sensitivity, it should perhaps be case-insensitive.

Based on internal discussion, this is a cross-SDK issue which should be fixed in all SDK(s).