Amplify-js: Storage throws 'Error: Missing credentials in config' on any operation.

Created on 21 Sep 2018 · 7Comments · Source: aws-amplify/amplify-js

Describe the bug
AWS.config.update({ credentials }); does not seem to set credentials for the S3 client.

AWS.config.update({
  region: region,
  credentials: credentials
});

To Reproduce
Steps to reproduce the behavior:

Create a react native application
Add AWS amplify
Create a project on Mobile Hub
Configure AWS Amplify with aws-exports.js
Use AWS Amplify Storage to put an object in S3
Notice that the put fails and an error message is logged:

Error: Missing credentials in config

Expected behavior
I expected to see the object in the S3 bucket and to receive no errors.

Smartphone (please complete the following information):

Device: iPhone 8
OS: iOS 11.4
React Native

Additional context
I'm getting this with aws-amplify 1.1.1.

In my App.js, I'm doing this:

import Amplify, { Storage, Logger, Analytics, I18n } from "aws-amplify";
import aws_exports from "./src/aws-exports";
Amplify.configure(aws_exports);

When I try to put a file in the bucket, I get this:

[DEBUG] 03:55.298 StorageClass - put images/avatars/84ebf52f-0a2c-493d-9d92-6fb9f109facd.jpg to public/images/avatars/84ebf52f-0a2c-493d-9d92-6fb9f109facd.jpg
YellowBox.js:80 Object {[WARN] 03:55.307 StorageClass - error uploading: Error: Missing credentials in config
    at credError ...

I have added storage with awsmobile user-files configured:

╰─╼ $ awsmobile user-files enable

user-files is already enabled
# to configure the feature
    $ awsmobile user-files configure

I have the keys I'd expect to see in aws-exports.js.

    'aws_cognito_identity_pool_id': '[our pool id]',
    'aws_cognito_region': 'us-east-1',
    // ...
    'aws_user_files': 'enable',
    'aws_user_files_s3_bucket': '[our bucket]',
    'aws_user_files_s3_bucket_region': 'us-east-1',

I started digging into this issue a little deeper. If I put a breakpoint here in Storage.put I see that my credentials are set and credentialsOK is true.
https://github.com/aws-amplify/amplify-js/blob/400b1cb2f393d33efe5aa824f730b3155a2f9822/packages/storage/src/Storage.ts#L155

When the S3 client gets created, AWS.config.credentials has an accessKeyId, identityId, secretAccessKey, and a sessionToken.
https://github.com/aws-amplify/amplify-js/blob/400b1cb2f393d33efe5aa824f730b3155a2f9822/packages/storage/src/Storage.ts#L341-L352

But, when it gets to the aws-sdk-js, there are no credentials and no credential provider set so it errors out here:
https://github.com/aws/aws-sdk-js/blob/fe88308a8699b39aef06492c898b265a3a24251f/lib/config.js#L367

I modified the code generated by Storage.ts locally to explicitly pass the credentials and everything worked as expected . . . now I'm not really sure how to tell what I'm doing wrong. :-/

    /**
     * @private
     */
    StorageClass.prototype._createS3 = function (options) {
        var bucket = options.bucket, region = options.region, credentials = options.credentials;
        core_1.AWS.config.update({
            region: region,
            credentials: credentials
        });
        return new S3({
            apiVersion: '2006-03-01',
            params: { Bucket: bucket },
            region: region,
            credentials: credentials // when I added this, things started working
        });
    };

My current workaround is to replace Storage._createS3 with another method that returns an S3 client with credentials set. For obvious reasons, I'd like to remove the workaround. :)

// TODO: get rid of this stuff ASAP
import S3 from 'aws-sdk/clients/s3';

hackyCreateS3 = (options) => {
  const { bucket, region, credentials } = options;
  return new S3({
    apiVersion: '2006-03-01',
    params: { Bucket: bucket },
    region: region,
    credentials: credentials
  });
}

Storage._createS3 = hackyCreateS3;
// to here . . . this is all hacks

_please don't judge me :(_

At first, I thought this might be related to this issue: https://github.com/aws-amplify/amplify-js/issues/242

After further investigation, I'm pretty sure that it's a different issue (potentially, I'm doing something dumb).

Thanks a lot for your help!

Storage pending-close-response-required

Source

tncbbthositg

👍8

Most helpful comment

FWIW, I determined this was caused by a devDependency pulling in a different version of the aws-sdk. After checking my yarn.lock, I found multiple versions of aws-sdk being included, and after I forced them to resolve to the version amplify was using the hacky workaround was no longer needed.

kevinsperrine on 12 Dec 2018

👍3

All 7 comments

I ran into the exact same issue, and did almost the same analysis as @tncbbthositg... Got a different solution though, for me a direct dependency to aws-sdk in my package.json causes this issue.

From what I deducted, it's caused by the following:

    StorageClass.prototype._createS3 = function (options) {
        var bucket = options.bucket, region = options.region, credentials = options.credentials;
        core_1.AWS.config.update({
            region: region,
            credentials: credentials
        });
        return new S3({
            apiVersion: '2006-03-01',
            params: { Bucket: bucket },
            region: region,
            credentials: credentials // when I added this, things started working
        });
    };

The core_1.AWS.config is an instance of the (slimmed down?) aws sdk that is found in @aws-amplify/core. S3 resolves to the S3 instance that is found in the full aws-sdk that is installed by your direct dependency, that S3 uses the local AWS.config that is not getting configured with credentials by aws-amplify.

I'm not 100% how that package resolution works, but this seems to be the cause. It's a bit of a shame, because I was using this to access some of the AWS api's not supported by the amplify library. In theory it should also be possible to get your credentials into the main aws-sdk if you are using it, haven't figured that out though...

daanoz on 15 Nov 2018

Thanks, @tncbbthositg. I, too, had this same problem today after upgrading and dropping in the function replacement works.

It was a big leap, but I upgraded from:

[email protected]:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/aws-amplify-react/-/aws-amplify-react-2.0.0.tgz#e1fda1705ee0342ef542f6dbe5790ad3cf82fd6a"
  dependencies:
    "@aws-amplify/ui" "^1.0.2"
    qrcode.react "^0.8.0"
    regenerator-runtime "^0.11.1"

[email protected]:
  version "1.0.8"
  resolved "https://registry.yarnpkg.com/aws-amplify/-/aws-amplify-1.0.8.tgz#6fda1a88851fb5462031e61853458b9ca9bb0099"
  dependencies:
    "@aws-amplify/analytics" "^1.0.7"
    "@aws-amplify/api" "^1.0.8"
    "@aws-amplify/auth" "^1.0.8"
    "@aws-amplify/cache" "^1.0.7"
    "@aws-amplify/core" "^1.0.7"
    "@aws-amplify/interactions" "^1.0.7"
    "@aws-amplify/pubsub" "^1.0.7"
    "@aws-amplify/storage" "^1.0.7"

[email protected]:
  version "2.198.0"

[email protected]:
  version "2.1.4"
  resolved "https://registry.yarnpkg.com/aws-amplify-react/-/aws-amplify-react-2.1.4.tgz#b4293fcb7ae4b6b6883167af90ef525eb59b00bc"
  integrity sha512-OgZaWiJOioMgBEdelJPsuikxjClxNXHWecattVUbfXNXzLIzIWGfmaCKtmj3gUpaF6HJMMa0Wfa3uYK35PmPow==
  dependencies:
    "@aws-amplify/ui" "^1.0.9"
    qrcode.react "^0.8.0"
    regenerator-runtime "^0.11.1"

[email protected]:
  version "1.1.10"
  resolved "https://registry.yarnpkg.com/aws-amplify/-/aws-amplify-1.1.10.tgz#802f7f858a8b934607bb276fa9112f8996f9f82e"
  integrity sha512-pRl8Y35BZpEB7M41SIUbmD9MA+HH1bAY9b/BRi4SjJ4TfabtqrMER+Ti2SIPmkA1CyPOPdbtBf5imHSJB+bYVQ==
  dependencies:
    "@aws-amplify/analytics" "^1.2.6"
    "@aws-amplify/api" "^1.0.21"
    "@aws-amplify/auth" "^1.2.10"
    "@aws-amplify/cache" "^1.0.18"
    "@aws-amplify/core" "^1.0.18"
    "@aws-amplify/interactions" "^1.0.18"
    "@aws-amplify/pubsub" "^1.0.18"
    "@aws-amplify/storage" "^1.0.19"
    "@aws-amplify/xr" "^0.1.8"

[email protected]:
  version "2.329.0"

kevinsperrine on 17 Nov 2018

Getting the same error.
Got a React Application and want to upload files to S3 Bucket.

Amplify.configure(
        {
            Auth: {
                region: aws_config.cognito.REGION,
                userPoolId: aws_config.cognito.USER_POOL_ID,
                identityPoolId: aws_config.cognito.IDENTITY_POOL_ID,
                userPoolWebClientId: aws_config.cognito.APP_CLIENT_ID,
                mandatorySignIn: true,
            },
            Storage: {
                region: aws_config.s3.REGION,
                bucket: aws_config.s3.BUCKET,
                identityPoolId: aws_config.cognito.IDENTITY_POOL_ID
            },
          }
    );

Also I granted the authenticated roles in my federal pool full access on the s3 bucket.

Here is the stacktrace:

config.js:347 Uncaught (in promise) Error: Missing credentials in config
    at credError (config.js:347)
    at Config.getCredentials (config.js:392)
    at Request.VALIDATE_CREDENTIALS (event_listeners.js:88)
    at Request.callListeners (sequential_executor.js:106)
    at Request.emit (sequential_executor.js:78)
    at Request.emit (request.js:697)
    at Request.transition (request.js:30)
    at AcceptorStateMachine.runTo (state_machine.js:16)
    at Request.runTo (request.js:406)
    at Request.send (request.js:371)
    at ManagedUpload.nextChunk (managed_upload.js:487)
    at ManagedUpload.fillBuffer (managed_upload.js:417)
    at ManagedUpload.send (managed_upload.js:206)
    at util.js:776
    at new Promise (<anonymous>)
    at ManagedUpload.promise (util.js:775)
    at AWSS3Provider.<anonymous> (AWSS3Provider.js:410)
    at step (AWSS3Provider.js:125)
    at Object.next (AWSS3Provider.js:55)
    at fulfilled (AWSS3Provider.js:7)
    at batch (es.es6.js:72)
    at es.es6.js:41

This is what I am using to upload:

await Storage.put(
            uuid.v1() + '.pdf', file,
            {
                contentType: 'application/pdf',
            },
        );

Also I have noticed, that this is really a library problem because the library doesn't even send a request so aws.

bykof on 9 Dec 2018

I fixed it by setting the credentials hard with:

import AWS from 'aws-sdk';
Amplify.configure(
        {
            Auth: {
                region: aws_config.cognito.REGION,
                userPoolId: aws_config.cognito.USER_POOL_ID,
                identityPoolId: aws_config.cognito.IDENTITY_POOL_ID,
                userPoolWebClientId: aws_config.cognito.APP_CLIENT_ID,
                mandatorySignIn: true,
            },
            Storage: {
                region: aws_config.s3.REGION,
                bucket: aws_config.s3.BUCKET,
                identityPoolId: aws_config.cognito.IDENTITY_POOL_ID,
            },
            API: {
                endpoints: [
                    {
                        name: aws_config.apiGateway.NAME,
                        endpoint: aws_config.apiGateway.URL,
                    }
                ]
            },
        }
    );

    AWS.config.credentials = Auth.essentialCredentials(await Auth.currentCredentials());

So this should be set in the library right?

bykof on 11 Dec 2018

👍1

kevinsperrine on 12 Dec 2018

👍3

@tncbbthositg As @kevinsperrine stated, I believe this is an issue with having different versions of aws-sdk being included. Can you please verify this is the case?