micronyks

Reputation: 55443

How to use AWS SSO with AWS-SDK 2.x

In my Node.js app, I have been using aws-sdk (2.x) to get S3 objects. The code below works fine.

const AWS = require("aws-sdk");

// Static, long-lived credentials embedded in source (what the question wants to get rid of)
const S3 = new AWS.S3({
    accessKeyId: 'actual_accessKeyId',
    secretAccessKey: 'actual_secretAccessKey',
    region: 'region',
    signatureVersion: "v4",
});

// List the objects stored under a prefix in the given bucket
const listBucketContent = (filePath, bucketName) => {
    const params = { Bucket: bucketName, Prefix: filePath };
    return S3.listObjects(params).promise();
};

However, as you can see above, I use a hardcoded access key and secret access key.

I actually don't want to use an access key and secret access key.

I have AWS SSO configured on my machine, which looks something like the below:

[profile AWS-XXX]
sso_start_url = https://XXX.XXX.com/start/#
sso_region = XXXXX
sso_account_id = XXXXXXXXXX
sso_role_name = XXXAdministratorAccess
region = XXXX

I want to use SSO directly but don't seem to find any way or articles to use it with aws-sdk.

So how can I get S3 objects using AWS SSO?

Upvotes: 1

Views: 295

Answers (3)

gshpychka

Reputation: 11588

Simply removing the static credentials (not providing any credentials at all) will make the SDK go through the list of all other possible credential locations - here is the relevant documentation for reference.

By default, it will use the default profile - if your SSO config is under the default profile, it should just work out of the box.

However, you can set the profile yourself by setting the AWS_PROFILE environment variable (setting process.env.AWS_PROFILE also works), or be even more explicit and directly load the SSO credentials provider.

Here is the example from the docs:

var creds = new AWS.SsoCredentials({profile: 'AWS-XXX'});
AWS.config.credentials = creds;

Upvotes: 1
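As an added example (not code from this answer or from the AWS docs): a pre-flight check that the named profile in ~/.aws/config carries the four sso_* keys shown in the question and no static keys, followed by building the S3 client from AWS.SsoCredentials with no secrets in source. It assumes the profile layout from the question (no separate sso-session section); the function names and sample values are hypothetical.

```javascript
// Added example; parseAwsConfig, checkSsoProfile and s3ForSsoProfile are hypothetical names.
const REQUIRED_SSO_KEYS = ["sso_start_url", "sso_region", "sso_account_id", "sso_role_name"];
// Parse the INI-style text of ~/.aws/config into { profileName: { key: value } }.
function parseAwsConfig(text) {
  const profiles = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const header = line.match(/^\[(?:profile\s+)?([^\]]+)\]$/);
    const eq = line.indexOf("=");
    if (header) current = profiles[header[1].trim()] = {};
    else if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// Report whether a profile has every key SSO needs and whether it still holds static keys.
// Treating static keys as a failure is this example's policy, not an SDK rule.
function checkSsoProfile(profiles, name) {
  const p = profiles[name] || {};
  const missing = REQUIRED_SSO_KEYS.filter((k) => !p[k]);
  const staticKeys = "aws_access_key_id" in p || "aws_secret_access_key" in p;
  return { ok: missing.length === 0 && !staticKeys, missing, staticKeys, region: p.region };
}

// Build an S3 client for the SSO profile. aws-sdk is loaded lazily, after the check passes.
function s3ForSsoProfile(configText, name) {
  const report = checkSsoProfile(parseAwsConfig(configText), name);
  if (!report.ok) throw new Error(`profile ${name} not usable for SSO: ${JSON.stringify(report)}`);
  const AWS = require("aws-sdk");
  return new AWS.S3({
    credentials: new AWS.SsoCredentials({ profile: name }),
    region: report.region,
    signatureVersion: "v4",
  });
}

// Constructed sample config (placeholder values, not real credentials or a real start URL).
const SAMPLE_CONFIG = `
[default]
aws_access_key_id = AKIA_CONSTRUCTED_EXAMPLE
aws_secret_access_key = constructed-not-a-real-secret
[profile AWS-XXX]
sso_start_url = https://example.awsapps.com/start/#
sso_region = us-east-1
sso_account_id = 111122223333
sso_role_name = XXXAdministratorAccess
region = us-east-1
`;
```

In real use, pass the contents of ~/.aws/config as configText and run `aws sso login --profile AWS-XXX` beforehand, since the provider reads the cached SSO token rather than opening the browser flow itself.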

adamatdevops

Reputation: 11

In SSO (the modern IAM), the key rotates every once in a while. You need to configure it only once with a role that you will assume during login and that will correlate to the relevant account/environment/console you manage. Follow this configuration; you can configure the role to have limited permissions.

More documentation here: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-your-credentials.html

Upvotes: 0

Med Agou

Reputation: 1281

An example for the aws-sdk for C# is documented in AWS Docs here.

The equivalent of methods and class to use for AWS SDK for JavaScript v2. Upcoming end of support for v2, so it's better to use v3.

But it seems that you need to do the login (manually or programmatically) prior to the execution of the code.

Upvotes: 0
