Open enote-kane opened 1 month ago
First, to refresh on the coverage of my provided implementation, the README includes:
The following credential sources are supported:
- Environment variables
- Static credentials in ~/.aws/credentials
- EKS Pod Identity (web identity token files)
- ECS Task IAM roles
- EC2 instance credentials
[...]
Multiple bits are missing:
- AssumeRole credentials (#4)
- [...]
It looks like you are looking to use an AssumeRole-based profile. Yes, this library currently lacks any support for the AWS config file, including profile chaining. (I should document this more clearly...)
This SharedIniFileCredentials implementation is the entirety of my AWS_PROFILE implementation and is clearly insufficient. TBH, CredentialsProvider is probably the wrong level of abstraction to implement ~/.aws/config. Perhaps profiles should be handled by ApiFactory instead.
Unfortunately, I have very little capacity for writing new code near-term due to summer plans. I suggest several options, maybe one can help you move forward:
- /x/aws_api in your app, you could implement a new CredentialsProvider which reads ~/.aws/config and supports assuming roles. You could then pass it to the ApiFactory and/or construct a customized CredentialsProviderChain including it. This might be upstreamable too.
- /x/aws_api but want solid auth, you could import only npm:@aws-sdk/credential-providers and then wrap it with a CredentialsProvider interface for this library to use. This could be a helpful example to share.
- AWS_PROFILE logic 🤔 ⌛

Thanks for reaching out! I hope I can help with any further questions you may have.
With the official AWS SDK, I can switch accounts/roles by defining profiles in ~/.aws/config. All these profiles may inherit from the same "credential" profile, specified through source_profile.
The Deno AWS API, however, only reads profiles from ~/.aws/credentials and doesn't seem to support role-arn or reading the config file at all.
Just ran into this:
An example:
~/.aws/credentials:
~/.aws/config:
Furthermore, the Deno AWS API implementation also violates the following:
Ref: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
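
The profile chaining discussed in this thread, as an added example that is not code from the thread or from the library: it resolves a source_profile chain across ~/.aws/config and ~/.aws/credentials down to static keys and rejects cycles. The names parseIni and resolveProfile and the sample files are hypothetical; only role_arn with source_profile is handled, and no STS call is made.

```typescript
// Minimal INI reader: [section] headers, key = value pairs, # and ; comment lines.
function parseIni(text: string): Map<string, Map<string, string>> {
  const sections = new Map<string, Map<string, string>>();
  let current: Map<string, string> | undefined;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#") || line.startsWith(";")) continue;
    if (line.startsWith("[") && line.endsWith("]")) {
      const name = line.slice(1, -1).trim();
      current = sections.get(name) ?? new Map<string, string>();
      sections.set(name, current);
      continue;
    }
    const eq = line.indexOf("=");
    if (eq > 0 && current) current.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  return sections;
}

// Follows source_profile links down to static keys; roleArns is in the order to assume them.
function resolveProfile(configText: string, credentialsText: string, profile: string) {
  const config = parseIni(configText), creds = parseIni(credentialsText);
  const roleArns: string[] = [], seen = new Set<string>();
  for (let name = profile; ; ) {
    // A profile that is reached twice would make the chain walk loop forever.
    if (seen.has(name)) throw new Error(`source_profile cycle at "${name}"`);
    seen.add(name);
    // ~/.aws/config uses "[profile x]" (but "[default]"); ~/.aws/credentials uses "[x]".
    const cfg = config.get(name === "default" ? name : `profile ${name}`);
    const roleArn = cfg?.get("role_arn"), source = cfg?.get("source_profile");
    if (roleArn) {
      if (!source) throw new Error(`"${name}": role_arn without source_profile is not handled`);
      roleArns.unshift(roleArn);
      name = source;
      continue;
    }
    const keys = creds.get(name) ?? cfg;
    const accessKeyId = keys?.get("aws_access_key_id");
    const secretAccessKey = keys?.get("aws_secret_access_key");
    if (!accessKeyId || !secretAccessKey) throw new Error(`no static keys for "${name}"`);
    return { accessKeyId, secretAccessKey, roleArns };
  }
}
// Constructed sample input (AWS documentation example key pair, made-up account ids).
const SAMPLE_CREDENTIALS = "[base]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n" +
  "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n";
const SAMPLE_CONFIG =
  "[profile staging]\nrole_arn = arn:aws:iam::111111111111:role/Deployer\nsource_profile = base\n" +
  "[profile audit]\nrole_arn = arn:aws:iam::222222222222:role/ReadOnly\nsource_profile = staging\n" +
  "[profile loop]\nrole_arn = arn:aws:iam::333333333333:role/Loop\nsource_profile = loop\n";
```

A provider built on this would call STS AssumeRole once per entry in roleArns, starting from the returned static keys and feeding each result into the next call.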