Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assume Role #25

Open
rashidcmb opened this issue Apr 28, 2017 · 4 comments
Open

Assume Role #25

rashidcmb opened this issue Apr 28, 2017 · 4 comments

Comments

@rashidcmb
Copy link

Can we assume role and use the same script
@MichaelDavisTSN
Copy link

Yes. I'd love to be able to use this in a lambda function.

@edasque
Copy link
Owner

edasque commented May 22, 2019

@rashidcmb @MichaelDavisTSN do you want to submit a PR?

@jasonwilk
Copy link

jasonwilk commented May 14, 2020
edited

For those that need to get this to work with an assumed role. Just add a sessionToken to config.json and then add sessionToken: process.env.AWS_SESSION_TOKEN to the dynamoDBtoCSV.js file just after secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY.

Once you do that, it works perfectly.

A proper PR would have it look for the token and use it if it was present or handle it like it's handling MFA tokens. I might work try to submit one at some point. But wanted to get this out there in case anybody else needed to get it working with assumed role credentials.

@rknechtel
Copy link

@jasonwilk

Note: I'm not a Node JS developer.

It seems this method no longer works. I get this error:

at Request.extractError (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/protocol/json.js:52:27)
at Request.callListeners (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:686:14)
at Request.transition (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request. (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:38:9)
at Request. (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:688:12)
at Request.callListeners (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
code: 'UnrecognizedClientException',
time: 2022-05-05T15:32:01.612Z,
requestId: 'LQ0H37PSIHR1IPJFRIKDVN9VIRVV4KQNSO5AEMVJF66Q9ASUAAJG',
statusCode: 400,
retryable: false,
retryDelay: 47.53354422765167
}

config.json

{
    "accessKeyId": "<SECRET_KEY_ID>",
    "secretAccessKey": "<SECRET_ACCESS_KEY>",
    "sessionToken" : "<SESSION_TOKEN_FROM_ENV>",
    "region": "us-west-2"
}

dynamoDBtoCSV.js

if (options.envcreds) {
  let newCreds = AWS.config.credentials;
  newCreds.profile = options.profile;
  AWS.config.update({
    credentials: {
      accessKeyId: process.env.AWS_ACCESS_KEY_ID,
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
      sessionToken: process.env.AWS_SESSION_TOKEN
    },
    region: process.env.AWS_DEFAULT_REGION
  });
}

Environment

env | grep AWS_SESSION_TOKEN

AWS_SESSION_TOKEN=<AWS_SESSION_TOKEN>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@edasque @jasonwilk @rashidcmb @MichaelDavisTSN @rknechtel