用于 nodejs 的 aws sdk - 从 ChainableTemporaryCredentials 对象获取凭证
aws sdk for nodejs - getting credentials from ChainableTemporaryCredentials object
我正在尝试使用 AWS nodejs sdk ChainableTemporaryCredentials class 来获取客户 AWS 帐户的临时凭证。这是我的代码片段:
const credentials = new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role"
},
masterCredentials: new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role"
}
})
});
console.log("Credentials ", credentials.accessKeyId) //it prints undefined
const client = new S3({ credentials });
s3.listBuckets(function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data); // successful response with s3 buckets list is printed
});
我的要求是从上面的 credentials
对象中获取 sts 临时 accessKeyId、secretAccessKey 和 sessionToken 变量,并将它们传递给另一个 nodejs 模块以进行进一步的 AWS 操作。
但是,我得到 undefined
作为凭据对象的所有 accessKeyId、secretAccessKey 和 sessionToken 属性的值。
我知道凭据对象正在获取正确的值,因为我能够使用这些凭据列出 s3 存储桶。
如何获取由 ChainableTemporaryCredentials class 生成的临时凭证?
谢谢。
我通过将凭据代码包装在这样的 Promise 中来让它工作。
let credentials
AWS.config.credentials = new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role"
},
masterCredentials: new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role"
}
})
});
let promise = new Promise((resolve, reject) => {
config.getCredentials(async (err) => {
if (err) {
console.error("Unable to load aws credentials", err.message);
reject(err);
} else {
credentials = {
accessKeyId: config.credentials.accessKeyId,
secretAccessKey: config.credentials.secretAccessKey,
sessionToken: config.credentials.sessionToken,
};
resolve(credentials);
}
});
});
credentials = await promise;
console.log("Credentials ", credentials);
或者您可以这样做,而无需使用 Promise 手动包装。
async function getAWSCredentials() {
const credentials = new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role",
},
masterCredentials: new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role",
},
}),
});
return credentials.getPromise();
}
我正在尝试使用 AWS nodejs sdk ChainableTemporaryCredentials class 来获取客户 AWS 帐户的临时凭证。这是我的代码片段:
const credentials = new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role"
},
masterCredentials: new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role"
}
})
});
console.log("Credentials ", credentials.accessKeyId) //it prints undefined
const client = new S3({ credentials });
s3.listBuckets(function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data); // successful response with s3 buckets list is printed
});
我的要求是从上面的 credentials
对象中获取 sts 临时 accessKeyId、secretAccessKey 和 sessionToken 变量,并将它们传递给另一个 nodejs 模块以进行进一步的 AWS 操作。
但是,我得到 undefined
作为凭据对象的所有 accessKeyId、secretAccessKey 和 sessionToken 属性的值。
我知道凭据对象正在获取正确的值,因为我能够使用这些凭据列出 s3 存储桶。
如何获取由 ChainableTemporaryCredentials class 生成的临时凭证?
谢谢。
我通过将凭据代码包装在这样的 Promise 中来让它工作。
let credentials
AWS.config.credentials = new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role"
},
masterCredentials: new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role"
}
})
});
let promise = new Promise((resolve, reject) => {
config.getCredentials(async (err) => {
if (err) {
console.error("Unable to load aws credentials", err.message);
reject(err);
} else {
credentials = {
accessKeyId: config.credentials.accessKeyId,
secretAccessKey: config.credentials.secretAccessKey,
sessionToken: config.credentials.sessionToken,
};
resolve(credentials);
}
});
});
credentials = await promise;
console.log("Credentials ", credentials);
或者您可以这样做,而无需使用 Promise 手动包装。
async function getAWSCredentials() {
const credentials = new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role",
},
masterCredentials: new ChainableTemporaryCredentials({
params: {
RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role",
},
}),
});
return credentials.getPromise();
}