用于 nodejs 的 aws sdk - 从 ChainableTemporaryCredentials 对象获取凭证

aws sdk for nodejs - getting credentials from ChainableTemporaryCredentials object

我正在尝试使用 AWS nodejs sdk ChainableTemporaryCredentials class 来获取客户 AWS 帐户的临时凭证。这是我的代码片段:

  
const credentials = new ChainableTemporaryCredentials({
  params: {
    RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role"
  },
  masterCredentials: new ChainableTemporaryCredentials({
    params: {
      RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role"
    }
  })
});

console.log("Credentials ", credentials.accessKeyId)   //it prints undefined

const client = new S3({ credentials });

s3.listBuckets(function(err, data) {
  if (err) console.log(err, err.stack);
  else     console.log(data);           // successful response with s3 buckets list is printed
});

我的要求是从上面的 credentials 对象中获取 sts 临时 accessKeyId、secretAccessKey 和 sessionToken 变量,并将它们传递给另一个 nodejs 模块以进行进一步的 AWS 操作。 但是,我得到 undefined 作为凭据对象的所有 accessKeyId、secretAccessKey 和 sessionToken 属性的值。

我知道凭据对象正在获取正确的值,因为我能够使用这些凭据列出 s3 存储桶。

如何获取由 ChainableTemporaryCredentials class 生成的临时凭证?

谢谢。

我通过将凭据代码包装在这样的 Promise 中来让它工作。

let credentials
AWS.config.credentials = new ChainableTemporaryCredentials({
  params: {
    RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role"
  },
  masterCredentials: new ChainableTemporaryCredentials({
    params: {
      RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role"
    }
  })
});

        let promise = new Promise((resolve, reject) => {
          config.getCredentials(async (err) => {
            if (err) {
              console.error("Unable to load aws credentials", err.message);
              reject(err);
            } else {
              credentials = {
                accessKeyId: config.credentials.accessKeyId,
                secretAccessKey: config.credentials.secretAccessKey,
                sessionToken: config.credentials.sessionToken,
              };
              resolve(credentials);
            }
          });
        });

        credentials = await promise;
        console.log("Credentials ", credentials);

或者您可以这样做,而无需使用 Promise 手动包装。

async function getAWSCredentials() {
  const credentials = new ChainableTemporaryCredentials({
    params: {
      RoleArn: "arn:aws:iam::123456789:role/Test-Customer-Role",
    },
    masterCredentials: new ChainableTemporaryCredentials({
      params: {
        RoleArn: "arn:aws:iam::123456789:role/Test-Automation-Role",
      },
    }),
  });

  return credentials.getPromise();
}