stackoom
  简体   繁体   中英

ChainableTemporaryCredentials getPromise and Missing credentials in config, if using AWS_CONFIG_FILE

 原文  2022-09-13 11:47:27       aws-sdk/ aws-credentials

Question

I have an node application deployed in GCP. The application includes code to access ressources in AWS-cloud. For this purpose it uses the aws-SDK with ChainableTemporaryCredentials.

The relevant code lines are...

      const credentials = new ChainableTemporaryCredentials({
        params: {
          RoleArn: `arn:aws:iam::${this.accountId}:role/${this.targetRoleName}`,
          RoleSessionName: this.targetRoleName,
        },
        masterCredentials: new WebIdentityCredentials({
          RoleArn: `arn:aws:iam::${this.proxyAccountId}:role/${this.proxyRoleName}`,
          RoleSessionName: this.proxyRoleName,
          WebIdentityToken: token,
        }),
      })

      await credentials.getPromise()

The WebIdentityToken was received from google and looks good. At AWS-side I created an proxy-role (the line from masterCredentials RoleArn).

However at runtime I get the error:

Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1

I do not understand this error. Because my application runs in GCP and I use temporary credentials I do not understand why I should use aws-credentials in form of an credentials file or environment variables like AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY. I thought the idea to use ChainableTemporaryCredentials is NOT to have direct aws-credentials. Right?

You can see the public code at: https://github.com/cloud-carbon-footprint/cloud-carbon-footprint/blob/trunk/packages/aws/src/application/GCPCredentials.ts and documentation regarding env-variables at: https://www.cloudcarbonfootprint.org/docs/configurations-glossary/

Any help which leads to understanding of this error message is welcome.

Thomas

1 answers

solution1
 0  2022-09-28 05:14:15

Solved it. "Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1 was totally misleading." In reality it was a problem with the field-names in the GCP-JWT-token und the policy in aws. See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1 Heroku S3 missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1', AWS SDK Missing credentials in config Python boto3 how to parse role_arn from AWS_CONFIG_FILE? Unable to load AWS credentials from ~/.aws/config and ~/.aws/credentials file aws sdk for nodejs - getting credentials from ChainableTemporaryCredentials object Reading aws config and credentials from resources folder using aws java sdk version 2 AWS CLI get credentials/config from root Golang: AWS Lambda: Fails finding spf13/viper config file: Config File "<config-file-name>" Not Found in "[/var/task /var/config]" How to mock aws-sdk using jest mock, getting error "Missing region in config"
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM