search

edasque / DynamoDBtoCSV

Dump DynamoDB data into a CSV file
Apache License 2.0
470 stars 152 forks source link

Assume Role #25

Open rashidcmb opened 7 years ago

rashidcmb commented 7 years ago

Can we assume role and use the same script

MichaelDavisTSN commented 5 years ago

Yes. I'd love to be able to use this in a lambda function.

edasque commented 5 years ago

@rashidcmb @MichaelDavisTSN do you want to submit a PR?

jasonwilk commented 4 years ago

For those that need to get this to work with an assumed role. Just add a sessionToken to config.json and then add sessionToken: process.env.AWS_SESSION_TOKEN to the dynamoDBtoCSV.js file just after secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY.

Once you do that, it works perfectly.

A proper PR would have it look for the token and use it if it was present or handle it like it's handling MFA tokens. I might work try to submit one at some point. But wanted to get this out there in case anybody else needed to get it working with assumed role credentials.

rknechtel commented 2 years ago

@jasonwilk

Note: I'm not a Node JS developer.

It seems this method no longer works. I get this error:

at Request.extractError (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/protocol/json.js:52:27) at Request.callListeners (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:106:20) at Request.emit (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:686:14) at Request.transition (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/state_machine.js:14:12) at /home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request. (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:38:9) at Request. (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:688:12) at Request.callListeners (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:116:18) { code: 'UnrecognizedClientException', time: 2022-05-05T15:32:01.612Z, requestId: 'LQ0H37PSIHR1IPJFRIKDVN9VIRVV4KQNSO5AEMVJF66Q9ASUAAJG', statusCode: 400, retryable: false, retryDelay: 47.53354422765167 }

config.json 

{
    "accessKeyId": "<SECRET_KEY_ID>",
    "secretAccessKey": "<SECRET_ACCESS_KEY>",
    "sessionToken" : "<SESSION_TOKEN_FROM_ENV>",
    "region": "us-west-2"
}

dynamoDBtoCSV.js 

if (options.envcreds) {
  let newCreds = AWS.config.credentials;
  newCreds.profile = options.profile;
  AWS.config.update({
    credentials: {
      accessKeyId: process.env.AWS_ACCESS_KEY_ID,
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
      sessionToken: process.env.AWS_SESSION_TOKEN
    },
    region: process.env.AWS_DEFAULT_REGION
  });
}

Environment 

env | grep AWS_SESSION_TOKEN

AWS_SESSION_TOKEN=<AWS_SESSION_TOKEN>