Aws-sdk-js: Support credential_source for use with IAM roles

Created on 6 Feb 2018 · 17 Comments · Source: aws/aws-sdk-js

It appears the js sdk doesn't support using credential_source to specify credentials from an EC2 instance role - this works with awscli and the ruby sdk. I'd love support for this, or a pointer to where I missed it if that's the case.

https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles

feature-request

All 17 comments

@hlarsen
credential_source is not currently supported in the JS SDK. I'll mark this as a feature request; thanks for the feedback!

@chrisradek any updates? This would be super-helpful resolving the referenced serverless deploy issues!

Is there any effort going on towards this feature? I'd like to give it a try and would be more than happy for any hints and things to watch out for. I assume the shared_ini_file_credentials.js would be the place to start and implement this?

If it helps, I, too, am looking for this feature. Migrated my code from laptop to ec2, just to find this missing. Would REALLY be sad if I had to rewrite everything in Python.

Hey @mi5guided Have you tried to use the ChainableTemporaryCredentials? I think you can use EC2MetadataCredentials as the master credentials here and specify the roleArn you'd like to assume.
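
The workaround suggested in the comment above, as an added example that is not part of the original thread or the SDK's own code. It goes one step further and reads `role_arn` and `credential_source` from shared-config text, then builds the matching aws-sdk v2 credentials; `SAMPLE_CONFIG`, the account id, the role name and the helper names are constructed for illustration, and `AWS` is passed in so the logic can be exercised without the SDK installed.

```javascript
// Added example: resolve a credential_source profile by hand for aws-sdk v2.
// SAMPLE_CONFIG is constructed; the account id and role name are placeholders.
const SAMPLE_CONFIG = `
[default]
region = us-east-1

[profile deploy]
role_arn = arn:aws:iam::111111111111:role/ExampleDeployRole
credential_source = Ec2InstanceMetadata
`;

// credential_source values documented for the AWS CLI, mapped to the
// aws-sdk v2 provider class that supplies the same base credentials.
const SOURCE_PROVIDERS = new Map([
  ['Ec2InstanceMetadata', (AWS) => new AWS.EC2MetadataCredentials()],
  ['EcsContainer', (AWS) => new AWS.ECSCredentials()],
  ['Environment', (AWS) => new AWS.EnvironmentCredentials('AWS')],
]);

// Minimal parser for the shared config format: [section] headers, key = value.
function parseSharedConfig(text) {
  const profiles = new Map();
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const header = line.match(/^\[(?:profile\s+)?([^\]]+)\]$/);
    if (header) { current = {}; profiles.set(header[1].trim(), current); continue; }
    const eq = line.indexOf('=');
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// Build role credentials for `profileName`; `AWS` is the aws-sdk v2 module.
function credentialsFor(AWS, configText, profileName) {
  const profile = parseSharedConfig(configText).get(profileName);
  if (!profile || !profile.role_arn) throw new Error(`profile ${profileName} has no role_arn`);
  if (profile.source_profile && profile.credential_source) {
    throw new Error('source_profile and credential_source are mutually exclusive');
  }
  const makeSource = SOURCE_PROVIDERS.get(profile.credential_source);
  if (!makeSource) throw new Error(`unsupported credential_source: ${profile.credential_source}`);
  return new AWS.ChainableTemporaryCredentials({
    params: { RoleArn: profile.role_arn, RoleSessionName: `sdk-${profileName}` },
    masterCredentials: makeSource(AWS), // base credentials come from the instance, no stored keys
  });
}
```

With the real SDK, assign the result to `AWS.config.credentials`, passing `require('aws-sdk')` and the contents of `~/.aws/config`; no access key is written to disk at any point.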

THANK YOU @AllanFly120 ! Awesome work-around, that I can use quickly. I guess I can stop trying to port the functionality from boto3 to aws-sdk-js (especially since 3.0 is in preview).

Thanks, again!

Has this issue been fixed or any efforts toward fixing it?

@hojatbay every once in a while I have some time and look at it a little. Have something running locally, but nothing in the extent of a PR so far.

I've personally lost days due to lack of this feature.

This missing feature is really painful. Is there any progress update?

Looks like this comment fixes the issue https://github.com/serverless/serverless/issues/3833#issuecomment-389739007:
export AWS_SDK_LOAD_CONFIG=1

After exporting AWS_SDK_LOAD_CONFIG=1, below is the new error. My stackoverflow: https://stackoverflow.com/questions/60049779/ec2-ecs-cross-account-serverless-deploy

Error --------------------------------------------------

Error: ENOENT: no such file or directory, open '/home/ec2-user/.aws/credentials'
    at Object.openSync (fs.js:443:3)
    at Object.readFileSync (fs.js:343:35)
    at Object.readFileSync (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/util.js:95:26)
    at IniLoader.parseFile (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:6:47)
    at IniLoader.loadFrom (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:56:30)
    at Config.region (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/node_loader.js:100:36)
    at Config.set (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/config.js:507:39)
    at Config.<anonymous> (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/config.js:342:12)
    at Config.each (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/util.js:507:32)
    at new Config (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/config.js:341:19)
    at Object.<anonymous> (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/node_loader.js:110:14)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/aws.js:1:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:3:13)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/usr/lib/node_modules/serverless/lib/plugins/index.js:24:3)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at PluginManager.loadAllPlugins (/usr/lib/node_modules/serverless/lib/classes/PluginManager.js:110:10)
    at pluginManager.loadConfigFile.then.then (/usr/lib/node_modules/serverless/lib/Serverless.js:96:35)
From previous event:
    at Serverless.init (/usr/lib/node_modules/serverless/lib/Serverless.js:94:8)
    at initializeErrorReporter.then (/usr/lib/node_modules/serverless/bin/serverless.js:74:8)
    at runCallback (timers.js:705:18)
    at tryOnImmediate (timers.js:676:5)
    at processImmediate (timers.js:658:5)
    at process.topLevelDomainCallback (domain.js:126:23)
From previous event:
    at Object.<anonymous> (/usr/lib/node_modules/serverless/bin/serverless.js:64:4)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
    at startup (internal/bootstrap/node.js:283:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:623:3)

Get Support --------------------------------------------
    Docs:          docs.serverless.com
    Bugs:          github.com/serverless/serverless/issues
    Issues:        forum.serverless.com

Your Environment Information ---------------------------
    Operating System:          linux
    Node Version:              10.18.1
    Framework Version:         1.62.0
    Plugin Version:            3.3.0
    SDK Version:               2.3.0
    Components Core Version:   1.1.2
    Components CLI Version:    1.4.0

Feedback on when we might expect this functionality?

It's a bit concerning that AWS itself doesn't take this feature seriously. Having this feature work is a must for good security as all of the workarounds involve access to the access keys somewhere. Is it really that hard to implement this given that it's already part of the AWS CLI?

Hello, also an issue for me, need to assume roles from the environment, any progress?

Can you try the ChainableTemporaryCredentials as mentioned above by Allan as a workaround?

I don't like the ChainableTemporaryCredentials solution because if you have to specify the RoleARN then you have to hardcode the account id or have it in a mapping, since that's a part of the ARN.
