If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/aws/aws-sdk-go shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• Last commit 9mo ago
• 5 active contributors
• Apache-2.0 licensed
• CI configured
• Tests present
• ⚠ Slowing — last commit 9mo ago
• ⚠ Concentrated ownership — top contributor handles 58% of recent commits

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live aws/aws-sdk-go repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/aws/aws-sdk-go.

What it runs against: a local clone of aws/aws-sdk-go — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in aws/aws-sdk-go | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch main exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 310 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of aws/aws-sdk-go. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/aws/aws-sdk-go.git
#   cd aws-sdk-go
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of aws/aws-sdk-go and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "aws/aws-sdk-go(\\.git)?\\b" \\
  && ok "origin remote is aws/aws-sdk-go" \\
  || miss "origin remote is not aws/aws-sdk-go (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \\
  && ok "default branch main exists" \\
  || miss "default branch main no longer exists"

# 4. Critical files exist
test -f "aws/config.go" \\
  && ok "aws/config.go" \\
  || miss "missing critical file: aws/config.go"
test -f "aws/client/client.go" \\
  && ok "aws/client/client.go" \\
  || miss "missing critical file: aws/client/client.go"
test -f "aws/credentials/credentials.go" \\
  && ok "aws/credentials/credentials.go" \\
  || miss "missing critical file: aws/credentials/credentials.go"
test -f "aws/corehandlers/handlers.go" \\
  && ok "aws/corehandlers/handlers.go" \\
  || miss "missing critical file: aws/corehandlers/handlers.go"
test -f "aws/awserr/error.go" \\
  && ok "aws/awserr/error.go" \\
  || miss "missing critical file: aws/awserr/error.go"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 310 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~280d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/aws/aws-sdk-go"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

AWS SDK for Go (v1) is a deprecated Go client library that provides programmatic access to AWS services like S3, EC2, DynamoDB, and 200+ others. It abstracts the AWS API complexity through idiomatic Go interfaces, automatic request signing with AWS credentials, built-in retry logic, and context-based timeout handling. As of July 31, 2025, this repository has reached end-of-support and is no longer receiving updates. Monorepo structure: aws/ root contains service-agnostic packages (awserr/ for error handling, awsutil/ for utilities, client/ for base client logic, auth/bearer/ for authentication). Individual AWS service clients live in service/ (not shown in file list but implied by README examples like service/s3). Test files colocated with source files using *_test.go pattern. Changelog tracked in .changelog/ directory with JSON entries.

Go developers and DevOps engineers who maintain legacy applications built on AWS SDK v1 (released before v2 became standard). New projects should migrate to aws-sdk-go-v2, but existing codebases using this SDK need occasional security patches or bug fixes during transition periods.

Mature but deprecated. The codebase is stable with 3.4M lines of Go code, comprehensive test coverage visible across test files (e.g., aws/awsutil/*_test.go, aws/client/*_test.go), and CI/CD workflows in .github/workflows/. However, it entered official end-of-support on 7/31/2025 and will receive no further updates — not recommended for new projects.

High risk for new development. The SDK is officially unsupported and will not receive security patches, feature updates, or bug fixes. Only one external dependency (github.com/jmespath/go-jmespath) reduces dependency risk, but the core library itself has reached EOL. Migration to aws-sdk-go-v2 is the recommended path forward.

The repository is in maintenance-only mode. Recent changelog entries (e.g., 6b25cc1a38cf4e229728e8e169b9152b.json, 6eb0ebebe73b422a969ea440174c3e83.json) suggest minimal ongoing updates. GitHub workflows include stale issue handling (stale_issues.yml), regression labeling, and closed-issue messaging, indicating triage of existing issues rather than active development.

git clone https://github.com/aws/aws-sdk-go.git
cd aws-sdk-go
make

The Makefile (6,128 bytes) contains build and test targets. Ensure Go 1.19+ is installed (from go.mod). Note: This is read-only for learning legacy patterns; use aws-sdk-go-v2 for new projects.

Daily commands: This is a library, not an executable. To test locally: make (runs tests via Makefile). To use in a Go project: import "github.com/aws/aws-sdk-go/aws/session" then sess := session.Must(session.NewSession()) to initialize. AWS credentials required via environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) or shared config file (~/.aws/credentials).

• aws/config.go — Core SDK configuration and session initialization—all client setup flows through here.
• aws/client/client.go — Base client abstraction and request/response lifecycle management for all AWS service calls.
• aws/credentials/credentials.go — Credential provider interface and lifecycle—essential for authentication across all operations.
• aws/corehandlers/handlers.go — Request/response handler pipeline that validates, signs, and transforms all AWS API calls.
• aws/awserr/error.go — Error type definitions used throughout SDK—every API response handling depends on this.
• go.mod — Declares end-of-support status and minimal dependencies; critical for understanding SDK's deprecation status.
• README.md — Explicitly documents end-of-support and migration path to v2; required reading before contributing.

• Session (aws/config.go) (Go interfaces, environment variable resolution, file I/O for credentials) — Owns SDK configuration, credential chain assembly, and client factory. Single source of truth for region, endpoint, and auth settings across all service clients.
  • Failure mode: Credential resolution fails → no auth available → all API calls fail immediately.
• Credential Providers (aws/credentials/) (HTTP for EC2 metadata, OS process execution, file I/O, caching with expiry) — Abstract credential fetching from various sources (EC2 metadata, env vars, files, external process). Chain them in priority order.
  • Failure mode: All providers exhausted → credential.ErrNoValidCredentialsFound → request denied at app level.
• Handler Pipeline (aws/corehandlers/) (Go reflection for struct serialization, crypto/sha256 for signing, net/http for transport) — Transforms raw API input → signed HTTP request → parses response → routes to unmarshalers. Phases: Build, Sign, Send, Unmarshal, ValidateResponse.
  • Failure mode: Handler panic → request fails; missing handler → unsigned/unvalidated request sent to AWS.
• Error Classification (aws/awserr/) — Parses AWS error responses and categorizes them (service error, network error, client error

Add support for a new credential provider

1. Implement the credentials.Provider interface (Get(), IsExpired() methods) (aws/credentials/credentials.go)
2. Create a new package under aws/credentials/ with your provider (e.g., aws/credentials/myprovider/provider.go) (aws/credentials/env_provider.go)
3. Optionally add it to the default chain in ChainProvider if it should auto-detect (aws/credentials/chain_provider.go)
4. Write unit tests following the pattern in existing providers (e.g., env_provider_test.go) (aws/credentials/env_provider_test.go)

Add a new request/response handler

1. Implement the handler signature (func(req *Request) error) that reads/modifies Request fields (aws/corehandlers/handlers.go)
2. Register the handler in the appropriate phase (Build, Sign, Send, Unmarshal, ValidateResponse) in handlers.go (aws/corehandlers/handlers.go)
3. Add tests following the pattern in corehandlers tests (aws/corehandlers/handlers_test.go)

Extend error handling for a specific AWS service

1. Service-specific errors typically live in service packages (not shown); leverage awserr.RequestError for classification (aws/awserr/error.go)
2. Use awserr.Code() and awserr.Message() helpers to extract service error details (aws/awserr/types.go)
3. Apply custom retry logic in your service client or override default_retryer (aws/client/default_retryer.go)

• Go 1.19+ — Modern stdlib with context, goroutine safety, and minimal runtime overhead for concurrent API calls.
• jmespath (go-jmespath) — Parses JMESPath expressions in AWS response filtering and custom output selection.
• Handler middleware pattern — Composable request/response transformation pipeline without inheritance; easy to intercept/mock.

• Monolithic SDK package (aws/) rather than per-service modules

  • Why: Unified credential/config management and handler chain across all services.
  • Consequence: Larger import footprint if only using one service; users must vendor or upgrade entire SDK together.

• Synchronous request/response API (no built-in async/streaming pagination)

  • Why: Simpler mental model and easier error handling; matches AWS API semantics directly.
  • Consequence: Large responses must fit in memory; pagination requires manual loop-based calls.

• End-of-support as of July 31, 2025

  • Why: AWS prioritizing v2 SDK for improved design, type safety, and modern Go features.
  • Consequence: No new features, bug fixes only; users must migrate to v2 for long-term support.

• Real-time streaming or websocket support (all operations are request-response HTTP).
• Async/await or future-based APIs (SDK is fully synchronous).
• Cross-language compatibility or code generation from service models (Go-specific implementation).
• Transparent client-side encryption or advanced security (delegated to application layer).
• Local testing without AWS credentials (no built-in mock server).

1. Credentials must be configured: SDK fails silently if neither AWS_PROFILE environment variable, ~/.aws/credentials file, nor AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY are set. 2. Region is required: Must explicitly set region via AWS_REGION env var or aws.NewConfig().WithRegion() or session config; no auto-detection. 3. Context timeouts require manual wiring: The session/client don't auto-apply context deadlines; you must pass context to each API call (see README example with context.WithTimeout()). 4. Deprecated status means security risk: AWS publishes security advisories to v2 only; v1 patches may lag months behind. 5. JMESPath dependency version: Using jmespath/go-jmespath v0.4.0 (from go.mod); ensure this is compatible with your other Go dependencies.

• AWS Signature Version 4 (SigV4) — All AWS API requests must be cryptographically signed; the SDK handles SigV4 signing transparently in aws/auth/ packages, so you don't manually construct Authorization headers.
• Request-Response Interceptors / Middleware — The SDK allows custom handlers to run before/after requests (visible in aws/client/client.go); understanding this enables logging, metrics, custom retry logic, and request modification without forking the SDK.
• Exponential Backoff with Jitter — The aws/client/default_retryer.go implements backoff to handle rate-limiting and transient failures; understanding the backoff formula prevents thundering herd problems in high-concurrency workloads.
• Amazon Resource Names (ARNs) — ARN parsing (aws/arn/arn.go) lets you extract region, account ID, and service details from resource identifiers; essential for multi-account and multi-region architectures.
• JMESPath Query Language — The SDK uses JMESPath (via github.com/jmespath/go-jmespath dependency) to parse and filter AWS API JSON responses; understanding JMESPath enables dynamic response extraction without manual struct marshaling.
• Session Pooling and Credential Caching — Creating a Session once and reusing it across requests reduces overhead; the SDK caches credentials and shared config, so understanding session lifecycle prevents leaks and improves performance.
• Context-Based Cancellation and Timeouts — Go's context.Context pattern (used in this SDK's request methods) allows graceful request cancellation and deadline enforcement; critical for production systems to avoid hanging goroutines during long-running operations.

• aws/aws-sdk-go-v2 — The official successor to this SDK; v2 is actively maintained and recommended for all new projects. Provides the same AWS service coverage with modern Go idioms (context support, middleware stack, cleaner API).
• boto3/boto3 — AWS SDK for Python; demonstrates the same AWS SDK architecture and patterns across another language, useful for teams migrating between Python and Go workflows.
• aws/aws-cli — AWS CLI implemented in Go using aws-sdk-go-v2; shows how to build production CLI tooling on top of AWS SDKs and serves as a reference for error handling and credential management.
• hashicorp/terraform — Terraform uses aws-sdk-go-v2 provider; demonstrates large-scale SDK usage patterns for infrastructure-as-code, resource retry strategies, and state management around AWS API calls.
• aws/aws-xray-sdk-go — Companion SDK for X-Ray distributed tracing in Go; integrates with aws-sdk-go to instrument AWS service calls with trace context for observability.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add deprecation warnings to core SDK entry points

While the repo has reached end-of-support (7/31/2025), the SDK lacks runtime deprecation warnings for users. Adding deprecation notices to aws/config.go and aws/client/client.go would help existing users understand they should migrate. This is more impactful than documentation alone since warnings appear at runtime.

• [ ] Add deprecation warning output to aws.Config initialization in aws/config.go
• [ ] Add deprecation warning to aws/client/client.go Client creation
• [ ] Make warnings conditional (only warn once per process or use environment variable to suppress)
• [ ] Add unit tests in aws/config_test.go and aws/client/client_test.go to verify warnings are emitted
• [ ] Document the warning behavior in CONTRIBUTING.md or add a deprecation.md file

Complete the README.md Quick Examples section

The README.md file is truncated mid-sentence in the 'Complete SDK Example' section. This incomplete documentation leaves contributors and users without clear guidance on basic SDK usage, especially critical for an end-of-support repository where migration examples would be valuable.

• [ ] Complete the truncated S3 upload example in README.md with full working code
• [ ] Add a 'Migration Guide' section with side-by-side examples comparing v1 and v2 SDK usage
• [ ] Link to specific migration examples in aws-sdk-go-v2 repository
• [ ] Add example for Context timeout pattern mentioned in the truncated text
• [ ] Verify all code examples compile and include any necessary imports

Consolidate context handling implementation across Go versions

The repo has multiple context implementation files (context_1_5.go, context_1_9.go, context_background_1_5.go, context_background_1_7.go, context_sleep.go) for backward compatibility with older Go versions. Since the module specifies 'go 1.19' as minimum, these version-specific files are now obsolete and should be consolidated or removed.

• [ ] Audit context_1_5.go, context_1_9.go, context_background_1_5.go, context_background_1_7.go to identify version-specific code
• [ ] Consolidate all context functionality into a single context.go file using Go 1.19 features
• [ ] Update aws/context_test.go to test the consolidated implementation
• [ ] Remove obsolete version-specific files
• [ ] Update CHANGELOG_PENDING.md documenting the cleanup for the final v1 release

• Add missing tests for aws/awsutil/string_value.go: File exists with *_test.go counterpart but may lack comprehensive edge cases (nil pointers, empty strings, special characters). Write table-driven tests covering boundary conditions.
• Document ARN parsing examples in aws/arn/README or in code comments: The aws/arn/arn.go parser exists but is undocumented for common use cases like 'parse an S3 bucket ARN' or 'extract account ID from any ARN'. Add godoc examples with real AWS ARN formats.
• Audit and add deprecation warnings to aws/auth/bearer/token.go if not already present: Bearer token auth is less common in SDK v1; verify it includes proper deprecation notices pointing users to v2 or clarifies when to use it, especially for asymmetric auth patterns.

The codebase presents significant security concerns due to the SDK's end-of-support status as of July 31, 2025. The primary risk is that this library will not receive any further security updates, patches, or maintenance. This is compounded by the use of an outdated Go version (1.19) which also lacks security updates. The single external dependency (jmespath) should be monitored but appears minimal. Immediate action is required: projects using this SDK should prioritize migration to AWS SDK for Go v2 and upgrade to a supported Go version. The repository itself serves as a legacy codebase and should not be used in new projects or for long-term maintenance.

• High · End-of-Support SDK in Production Use — Repository root, README.md, go.mod module declaration. The AWS SDK for Go v1 has reached end-of-support as of July 31, 2025. The repository explicitly states it will not receive further updates, security patches, or bug fixes. Any codebase depending on this SDK is exposed to unpatched vulnerabilities. Fix: Migrate to AWS SDK for Go v2 (github.com/aws/aws-sdk-go-v2) as recommended in the official announcement. Plan and execute migration as soon as possible.
• Medium · Outdated Go Version Target — go.mod (go 1.19). The module targets Go 1.19, which is no longer receiving security updates. Go 1.19 reached end-of-support in December 2023. Using outdated Go versions may expose the application to known language-level vulnerabilities. Fix: Update the Go version to the latest stable release (1.23 or newer) to receive security patches and bug fixes.
• Low · Single Third-Party Dependency — go.mod dependency: github.com/jmespath/go-jmespath v0.4.0. The codebase depends on github.com/jmespath/go-jmespath v0.4.0. While this is a relatively small dependency set, the specific version pinning should be verified against known vulnerabilities. Fix: Run go mod tidy and go list -u -m all to check for available updates. Consider running vulnerability scanners like govulncheck to identify known CVEs in dependencies.
• Low · Potential Information Disclosure via Example Files — aws/credentials/example.ini. Example configuration files like 'aws/credentials/example.ini' may serve as templates but could be accidentally committed with real credentials if developers copy them as templates without proper sanitization. Fix: Ensure example files are clearly marked as examples with placeholder values only. Add pre-commit hooks to prevent accidental credential commits. Include credentials pattern in .gitignore.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.