Reputation: 55443
How to use AWS SSO with AWS-SDK 2.x
In my Nodejs app, I have been using aws-sdk (2.x) to get S3 objects. Below code works pretty fine.
const AWS = require("aws-sdk");
S3 = new AWS.S3({
accessKeyId: 'actual_accessKeyId',
secretAccessKey: 'actual_secretAccessKey',
region: 'region',
signatureVersion: "v4",
});
const listBucketContent = (filePath, bucketName) => {
const params = { Bucket: bucketName, Prefix: filePath };
return S3.listObjects(params).promise();
};
However, as you can see above, I use hardcoded accesskey and secretaccesskey.
I actually don't want to use accesskey and secretAccesskey.
I have AWS SSO configured in my machine which looks something like below,
[profile AWS-XXX]
sso_start_url = https://XXX.XXX.com/start/#
sso_region = XXXXX
sso_account_id = XXXXXXXXXX
sso_role_name = XXXAdministratorAccess
region = XXXX
I want to use SSO directly but don't seem to find any way or articles to use it with aws-sdk.
So how can get S3 objects using AWS SSO?
Upvotes: 1
Views: 295
Answers (3)
Reputation: 11588
Simply removing the static credentials (not providing any credentials at all) will make the SDK go through the list of all other possible credential locations - here is the relevant documentation for reference.
By default, it will use the default profile - if your SSO config is under the default profile, it should just work out of the box.
However, you can set the profile yourself by setting the AWS_PROFILE environment variable (setting process.env.AWS_PROFILE also works), or be even more explicit and directly load the SSO credentials provider.
Here is the example from the docs:
var creds = new AWS.SsoCredentials({profile: 'AWS-XXX'});
AWS.config.credentials = creds;
Upvotes: 1
Reputation: 11
In SSO(The modern IAM), The key rotates every once in a while. You need to configure it only once with a role that you will assume during login and will correlate to the relevant account/environment/console you manage. Follow this configuration, You can configure the role to have a limited permissions.
More documentation here: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-your-credentials.html
Upvotes: 0
Reputation: 1281
An example for the aws-sdk for C# is documented in AWS Docs here.
The equivalent of methods and class to use for AWS SDK for JavaScript v2. upcoming end of support for v2 so it's better to use the v3
but it seems that you need to do the login (manually or progrmatically) prior the execution of the code
Upvotes: 0
Related Questions
- How do I get the path to the current script with Node.js?
- How do I pass command line arguments to a Node.js program and receive them?
- Using async/await with a forEach loop
- How can I update each dependency in package.json to the latest version?
- How to exit in Node.js
- How can I update Node.js and npm to their latest versions?
- The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-central-1'
- @aws-sdk/client-s3 --> No 'Access-Control-Allow-Origin' header is present on the requested resource
- What is the purpose of Node.js module.exports and how do you use it?
- How to decide when to use Node.js?