mhart / awscred Goto Github PK
View Code? Open in Web Editor NEWNode.js module to resolve AWS credentials/region using env, ini files and IAM roles
License: MIT License
awscred's People
Contributors
Stargazers
Watchers
awscred's Issues
support executing inside AWS CodeBuild
When used inside a AWS CodeBuild build environment (which uses ECS under the hood) one needs to use the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable and fetch the credentials from http://169.254.170.2${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}, which returns a payload that looks like this:
{
"RoleArn": "...",
"AccessKeyId": "...",
"SecretAccessKey": "...",
"Token": "...",
"Expiration": "2017-12-24T03:14:03Z"
}
see here for a related question which pointed me to the above URL.
Support assumed roles in profile INI
Profile configs in ~/.aws/config may include a role_arn and source_profile keys. This specifies that the source_profile account should be used to assume the specified role. (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html)
The feature can be used to support cross-account role access in profiles.
It would be great if awscred could uses STS to assume the role and derives the access key, id and session token.
I know this would introduce a (peer) dependency on the AWS SDK.
I can work on a PR for this but wanted to see if there was any approach recommended first.
Region does not seem to be working.?.?
I have this code and am seeing the correct data.credentials value however region is not. I intially tried to call w/o regionCallChain:[awscred.loadRegionFromIniFile] and have added that but still not getting my configured value.
var AWS = require('aws-sdk');
var awscred = require('awscred');
awscred.loadCredentialsAndRegion({profile:'dev_serverless',regionCallChain:[awscred.loadRegionFromIniFile]},function(err, data) {
if (err) throw err;
console.log(data.credentials);
console.log(data.region);
AWS.config.region = data.region;
AWS.config.credentials = data.credentials;
var result = test.handler(event,context);
});
and this ini file values
[eeegPages]
aws_access_key_id=xx
aws_secret_access_key=xxx
[dev_serverless]
aws_region=us-west-2
aws_access_key_id=xxx
aws_secret_access_key=xxx
I've tried to rename aws_region to region as well as add a [default] with (aws_)region and printing the region always comes back w/ aws-east-1 I have checked and I don't have a region set in my env vars either.
Can you tell me what I'm missing?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.