Apparently dotenvi doesn't respect `AWS_PROFILE` or `AWS_DEFAULT_PROFILE`

[b3ross]

@goldcaddy77 to add more information

[goldcaddy77]

It seems to work if you hard-code your keys in ~/.aws/credentials, but doesn't work if you assume roles using ~/.aws/config. In the case where you use ~/.aws/config, it always just ends up using the AWS_DEFAULT_PROFILE.

[ksteiny]

this.

[b3ross]

Oy I still gotta fix this!

[b3ross]

So some notes so I can revisit this at a later point - only have a few minutes to take a look...

The javascript SDK uses AWS_PROFILE, not AWS_DEFAULT_PROFILE, but using AWS_PROFILE causes the values to simply not be pulled in:

Could not load value ceres-connectors-salesforce-password from credstash: CredentialsError: Missing credentials in config
Could not load value ceres-connectors-salesforce-token from credstash: CredentialsError: Missing credentials in config

so there's something funky going on in the credstash node.js logic.

[ksteiny]

@ewyler for reference to this issue

[b3ross]

@ksteiny I think the javascript API only respects the profiles listed in the ~/.aws/credentials file. So you'd need to have separate access and secret keys for each aws environment, and cannot use IAM to access the various environments.

[hakamadare]

hey @b3ross i suspect you'll want to explicitly set AWS_SDK_LOAD_CONFIG in the env before initializing the SDK, see https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-region.html#setting-region-config-file - that should get you support for ~/.aws/config

[b3ross]

@hakamadare, ah good find.

@ksteiny does the above suggestion fix this issue? ^^^. I don't have an AWS setup available offhand to test this.

Also,

[hakamadare]

@b3ross i was able to get the desired behavior by modifying src/resolvers.ts like so:

 // set AWS_SDK_LOAD_CONFIG to pull in ~/.aws/config
 process.env.AWS_SDK_LOAD_CONFIG = "true"
 import * as AWS from 'aws-sdk';

that could possibly be more sophisticated (maybe only set it if it's unset in the environment?)