mhart / awscred
Node.js module to resolve AWS credentials/region using env, ini files and IAM roles
License: MIT License
When used inside an AWS CodeBuild build environment (which uses ECS under the hood) one needs to use the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable and fetch the credentials from http://169.254.170.2${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}, which returns a payload that looks like this:

    {
      "RoleArn": "...",
      "AccessKeyId": "...",
      "SecretAccessKey": "...",
      "Token": "...",
      "Expiration": "2017-12-24T03:14:03Z"
    }

See here for a related question which pointed me to the above URL.
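
An added example (not code from awscred or from the report above) of consuming the container credentials endpoint it describes: it validates the relative URI so the request cannot leave 169.254.170.2, and rejects incomplete or expired payloads. The function names are hypothetical, the sample payload is constructed, and the fetch helper assumes Node.js 18+.

```javascript
// Added example. Function names are hypothetical, not part of awscred's API.
const CONTAINER_HOST = '169.254.170.2'; // fixed host quoted in the report above

// Build the endpoint URL. The env value is concatenated after the host, so a value
// without a leading "/" (e.g. "@other.host/x") would change where the request goes.
function containerCredentialsUrl(env) {
  const rel = env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI;
  if (!rel) return null; // variable not set: not a container credential environment
  const url = new URL('http://' + CONTAINER_HOST + rel);
  if (!rel.startsWith('/') || url.hostname !== CONTAINER_HOST || url.username || url.port) {
    throw new Error('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI must be a path starting with "/"');
  }
  return url.href;
}

// Map the payload to the camelCase shape the AWS SDK for JavaScript uses,
// rejecting incomplete or already-expired responses.
function parseContainerCredentials(body, now = new Date()) {
  const p = JSON.parse(body);
  for (const key of ['AccessKeyId', 'SecretAccessKey', 'Token', 'Expiration']) {
    if (typeof p[key] !== 'string' || !p[key]) throw new Error('missing field ' + key);
  }
  const expiration = new Date(p.Expiration);
  if (isNaN(expiration) || expiration <= now) throw new Error('credentials expired');
  return {
    accessKeyId: p.AccessKeyId,
    secretAccessKey: p.SecretAccessKey,
    sessionToken: p.Token,
    expiration,
  };
}

// Fetch and parse; resolves to null when the variable is not set.
// Assumes Node.js 18+ for the global fetch and AbortSignal.timeout.
async function fetchContainerCredentials(env = process.env) {
  const url = containerCredentialsUrl(env);
  if (url === null) return null;
  const res = await fetch(url, { signal: AbortSignal.timeout(1000) });
  if (!res.ok) throw new Error('credential endpoint returned HTTP ' + res.status);
  return parseContainerCredentials(await res.text());
}

// Constructed sample payload in the shape shown in the report (placeholder values).
const SAMPLE_BODY = JSON.stringify({
  RoleArn: 'arn:aws:iam::000000000000:role/example',
  AccessKeyId: 'ASIAEXAMPLE',
  SecretAccessKey: 'example-secret',
  Token: 'example-token',
  Expiration: '2017-12-24T03:14:03Z',
});
```

Because the credentials are temporary, a caller that caches the result should refetch before `expiration` rather than reuse the values indefinitely.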
Profile configs in ~/.aws/config may include role_arn and source_profile keys. This specifies that the source_profile account should be used to assume the specified role. (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html)
The feature can be used to support cross-account role access in profiles.
It would be great if awscred could use STS to assume the role and derive the access key, id and session token.
I know this would introduce a (peer) dependency on the AWS SDK.
I can work on a PR for this but wanted to see if there was any approach recommended first.
I have this code and am seeing the correct data.credentials value; however, region is not. I initially tried to call w/o regionCallChain:[awscred.loadRegionFromIniFile] and have added that but am still not getting my configured value.

    var AWS = require('aws-sdk');
    var awscred = require('awscred');

    awscred.loadCredentialsAndRegion({profile:'dev_serverless',regionCallChain:[awscred.loadRegionFromIniFile]},function(err, data) {
      if (err) throw err;
      console.log(data.credentials);
      console.log(data.region);
      AWS.config.region = data.region;
      AWS.config.credentials = data.credentials;
      // test, event and context come from the rest of the poster's script (not shown)
      var result = test.handler(event,context);
    });

and these ini file values
[eeegPages]
aws_access_key_id=xx
aws_secret_access_key=xxx
[dev_serverless]
aws_region=us-west-2
aws_access_key_id=xxx
aws_secret_access_key=xxx
I've tried to rename aws_region to region as well as add a [default] with (aws_)region, and printing the region always comes back w/ aws-east-1.
I have checked and I don't have a region set in my env vars either.
Can you tell me what I'm missing?