@aws-sdk/credential-provider-node NPM | npm.io

3.563.0 • Published 21 hours ago

Install

Weekly downloads

452,300

License

Apache-2.0

Repository

Last release

21 hours ago

@aws-sdk/credential-provider-node

AWS Credential Provider for Node.JS

This module provides a factory function, fromEnv, that will attempt to source AWS credentials from a Node.JS environment. It will attempt to find credentials from the following sources (listed in order of precedence):

Environment variables exposed via process.env
SSO credentials from token cache
Web identity token credentials
Shared credentials and config ini files
The EC2/ECS Instance Metadata Service

The default credential provider will invoke one provider at a time and only continue to the next if no credentials have been located. For example, if the process finds values defined via the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, the files at ~/.aws/credentials and ~/.aws/config will not be read, nor will any messages be sent to the Instance Metadata Service.

If invalid configuration is encountered (such as a profile in ~/.aws/credentials specifying as its source_profile the name of a profile that does not exist), then the chained provider will be rejected with an error and will not invoke the next provider in the list.

IMPORTANT: if you intend to acquire credentials using EKS IAM Roles for Service Accounts, then you must explicitly specify a value for roleAssumerWithWebIdentity. There is a default function available in @aws-sdk/client-sts package. An example of using this:

const { getDefaultRoleAssumerWithWebIdentity } = require("@aws-sdk/client-sts");
const { defaultProvider } = require("@aws-sdk/credential-provider-node");
const { S3Client, GetObjectCommand } = require("@aws-sdk/client-s3");

const provider = defaultProvider({
  roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity({
    // You must explicitly pass a region if you are not using us-east-1
    region: "eu-west-1"
  }),
});

const client = new S3Client({ credentialDefaultProvider: provider });

IMPORTANT: We provide a wrapper of this provider in @aws-sdk/credential-providers package to save you from importing getDefaultRoleAssumerWithWebIdentity() or getDefaultRoleAssume() from STS package. Similarly, you can do:

const { fromNodeProviderChain } = require("@aws-sdk/credential-providers");

const credentials = fromNodeProviderChain();

const client = new S3Client({ credentials });

Supported configuration

You may customize how credentials are resolved by providing an options hash to the defaultProvider factory function. The following options are supported:

profile - The configuration profile to use. If not specified, the provider will use the value in the AWS_PROFILE environment variable or a default of default.
filepath - The path to the shared credentials file. If not specified, the provider will use the value in the AWS_SHARED_CREDENTIALS_FILE environment variable or a default of ~/.aws/credentials.
configFilepath - The path to the shared config file. If not specified, the provider will use the value in the AWS_CONFIG_FILE environment variable or a default of ~/.aws/config.
mfaCodeProvider - A function that returns a a promise fulfilled with an MFA token code for the provided MFA Serial code. If a profile requires an MFA code and mfaCodeProvider is not a valid function, the credential provider promise will be rejected.
roleAssumer - A function that assumes a role and returns a promise fulfilled with credentials for the assumed role. If not specified, no role will be assumed, and an error will be thrown.
roleArn - ARN to assume. If not specified, the provider will use the value in the AWS_ROLE_ARN environment variable.
webIdentityTokenFile - File location of where the OIDC token is stored. If not specified, the provider will use the value in the AWS_WEB_IDENTITY_TOKEN_FILE environment variable.
roleAssumerWithWebIdentity - A function that assumes a role with web identity and returns a promise fulfilled with credentials for the assumed role.
timeout - The connection timeout (in milliseconds) to apply to any remote requests. If not specified, a default value of 1000 (one second) is used.
maxRetries - The maximum number of times any HTTP connections should be retried. If not specified, a default value of 0 will be used.

Related packages:

aws credentials

@aws-sdk/credential-provider-env @aws-sdk/credential-provider-http @aws-sdk/credential-provider-ini @aws-sdk/credential-provider-process @aws-sdk/credential-provider-sso @aws-sdk/credential-provider-web-identity @aws-sdk/types @smithy/credential-provider-imds @smithy/property-provider @smithy/shared-ini-file-loader @smithy/types tslib

@rconjoe/nx-s3-cache @sophya/envy @aws/aws-codesuite-backend-plugin-for-backstage @infinitebrahmanuniverse/nolb-_aws-sd @prodam/search-utils @candidpartners/snitch-utils @everything-registry/sub-chunk-102 @aws-sdk/client-groundstation @gourmet/aws-client @hausdorff/client-s3-mirror @mark-voicemail/common reflowio sam-cdk tf-next s3-deploy-script supersam simple-aws-opensearch-client tunnel-vision vault-auth-aws @jumba/lambda-utils @lifeomic/alpha @lonocloud/cljs-apis frankenstack @mhlabs/evb-cli fl-kappa @n8n/n8n-nodes-langchain gei-s3 @nasa-gcn/architect-functions-search @rutan/deployment-zip insomnia-plugin-es-aws4-request @runnerty/executor-mail @runnerty/notifier-mail inanis @routineless/nx-aws-cdk @hyperone/cli-ext-root-auth @hytromo/nx-s3-cache @ikonintegration/ikapi @project-lakechain/opensearch-index @project-lakechain/opensearch-saved-object hp-shield-email hp-event-signal-email hp-bombombooks-email hp-bpspay-email hp-bpspay-email2 hp-trainner-email @perp/common @seneca/opensearch-store @eventual/aws-cdk @eventual/aws-client @eventual/aws-runtime @sgftech/medusa-file-s3 @scaldwell77/aws-signed-fetch @potatohd/tf-next hlsrecord @pellegrims/nx-remotecache-s3 @flowfuse/flowfuse @flowforge/flowforge @soyjak/utils @stedi/sdk-token-provider @stedi/sdk-token-provider-aws-identity @thatamplify/backend @trinio-labs/nx-remotecache-s3 @trivikr-test/client-s3 klassi-js ness @aws-sdk/client-robomaker @aws-sdk/client-robomaker-node @aws-sdk/client-rolesanywhere @aws-sdk/client-route-53 @aws-sdk/client-route-53-domains @aws-sdk/client-route-53-domains-node @aws-sdk/client-route-53-node @aws-sdk/client-route53-recovery-cluster @aws-sdk/client-route53-recovery-control-config @aws-sdk/client-sqs @aws-sdk/client-sqs-node @aws-sdk/client-ssm @aws-sdk/client-ssm-contacts @aws-sdk/client-ssm-incidents @aws-sdk/client-ssm-node @aws-sdk/client-ssm-sap @aws-sdk/client-ssmsap @aws-sdk/client-ram-node @aws-sdk/client-rbin @aws-sdk/client-rds @aws-sdk/client-rds-data @aws-sdk/client-rds-data-node @aws-sdk/client-rds-node @aws-sdk/client-redshift @aws-sdk/client-route53-recovery-readiness @aws-sdk/client-route53profiles @aws-sdk/client-route53resolver @aws-sdk/client-route53resolver-node @aws-sdk/client-rum @aws-sdk/client-s3 @aws-sdk/client-s3-control @aws-sdk/client-pi-node @aws-sdk/client-pinpoint @aws-sdk/client-pinpoint-email @aws-sdk/client-pinpoint-email-node

21 hours ago

10 days ago

15 days ago

17 days ago

22 days ago

1 month ago

1 month ago

1 month ago

2 months ago

2 months ago

2 months ago

2 months ago

2 months ago

2 months ago

2 months ago

2 months ago

3 months ago

3 months ago

3 months ago

3 months ago

3 months ago

3 months ago

3 months ago

3 months ago

3 months ago

3 months ago

3 months ago

4 months ago

4 months ago

4 months ago

4 months ago

4 months ago

4 months ago

4 months ago

4 months ago

4 months ago

5 months ago

5 months ago

5 months ago

5 months ago

5 months ago

6 months ago

5 months ago

5 months ago

6 months ago

6 months ago

6 months ago

6 months ago

6 months ago

6 months ago

9 months ago

10 months ago

8 months ago

10 months ago

7 months ago

7 months ago

6 months ago

8 months ago

9 months ago

9 months ago

7 months ago

9 months ago

10 months ago

7 months ago

8 months ago

8 months ago

9 months ago

10 months ago

7 months ago

6 months ago

9 months ago

7 months ago

7 months ago

6 months ago

8 months ago

9 months ago

9 months ago

7 months ago

8 months ago

6 months ago

11 months ago

10 months ago

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago

10 months ago

11 months ago

10 months ago

10 months ago

11 months ago

11 months ago

12 months ago

11 months ago

11 months ago

1 year ago

12 months ago

11 months ago

12 months ago

12 months ago

12 months ago

1 year ago

12 months ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

2 years ago

1 year ago

1 year ago

2 years ago

1 year ago

2 years ago

2 years ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

2 years ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

3 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

0.1.0-preview.10

4 years ago

0.1.0-preview.9

4 years ago

0.1.0-preview.8

4 years ago

0.1.0-preview.7

5 years ago

0.1.0-preview.6

5 years ago

0.1.0-preview.5

5 years ago

0.1.0-preview.4

5 years ago

0.1.0-preview.3

5 years ago

0.1.0-preview.2

5 years ago

0.1.0-preview.1

5 years ago