[英]ChainableTemporaryCredentials getPromise and Missing credentials in config, if using AWS_CONFIG_FILE
I have an node application deployed in GCP.我在 GCP 中部署了一个节点应用程序。 The application includes code to access ressources in AWS-cloud.该应用程序包含用于访问 AWS 云中资源的代码。 For this purpose it uses the aws-SDK with ChainableTemporaryCredentials.为此,它使用带有 ChainableTemporaryCredentials 的 aws-SDK。
The relevant code lines are...相关的代码行是...
const credentials = new ChainableTemporaryCredentials({
params: {
RoleArn: `arn:aws:iam::${this.accountId}:role/${this.targetRoleName}`,
RoleSessionName: this.targetRoleName,
},
masterCredentials: new WebIdentityCredentials({
RoleArn: `arn:aws:iam::${this.proxyAccountId}:role/${this.proxyRoleName}`,
RoleSessionName: this.proxyRoleName,
WebIdentityToken: token,
}),
})
await credentials.getPromise()
The WebIdentityToken was received from google and looks good. WebIdentityToken 是从谷歌收到的,看起来不错。 At AWS-side I created an proxy-role (the line from masterCredentials RoleArn).在 AWS 端,我创建了一个代理角色(来自 masterCredentials RoleArn 的行)。
However at runtime I get the error:但是在运行时我收到错误:
Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
I do not understand this error.我不明白这个错误。 Because my application runs in GCP and I use temporary credentials I do not understand why I should use aws-credentials in form of an credentials file or environment variables like AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY.因为我的应用程序在 GCP 中运行并且我使用临时凭证,所以我不明白为什么我应该以凭证文件或环境变量(如 AWS_ACCESS_KEY_ID 或 AWS_SECRET_ACCESS_KEY)的形式使用 aws-credentials。 I thought the idea to use ChainableTemporaryCredentials is NOT to have direct aws-credentials.我认为使用 ChainableTemporaryCredentials 的想法不是直接使用 aws-credentials。 Right?正确的?
You can see the public code at: https://github.com/cloud-carbon-footprint/cloud-carbon-footprint/blob/trunk/packages/aws/src/application/GCPCredentials.ts and documentation regarding env-variables at: https://www.cloudcarbonfootprint.org/docs/configurations-glossary/您可以在以下位置查看公共代码: https://github.com/cloud-carbon-footprint/cloud-carbon-footprint/blob/trunk/packages/aws/src/application/GCPCredentials.ts以及有关 env-variables 的文档: https://www.cloudcarbonfootprint.org/docs/configurations-glossary/
Any help which leads to understanding of this error message is welcome.欢迎任何有助于理解此错误消息的帮助。
Thomas托马斯
Solved it.解决了。 "Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1 was totally misleading." “配置中缺少凭据,如果使用 AWS_CONFIG_FILE,则设置 AWS_SDK_LOAD_CONFIG=1 完全是误导。” In reality it was a problem with the field-names in the GCP-JWT-token und the policy in aws.实际上,这是 GCP-JWT-token 中的字段名称和 aws 中的策略的问题。 See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud请参阅https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.