Closed LumaKernel closed 2 years ago
He @LumaKernel, the library supports AWS environment variables for environments where the metadata server is not available: AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
, AWS_SESSION_TOKEN
, etc.
https://github.com/googleapis/google-auth-library-nodejs/blob/main/src/auth/awsclient.ts#L128-L138
@LumaKernel please let us know if @bojeil-google's suggestion doesn't work for you :ok_hand:
I'd like to reopen this -- the suggestion to use AWS environment variables works in lambda, but it does not work in ECS or EKS environments.
From the comments on #1321:
We also have plans to support pluggable auth where you can have an external plugin provide AWS credentials for the libraries
is there any timeline on when this might be implemented?
Is your feature request related to a problem? Please describe. The AWS's new version of SDK
@aws-sdk/*
has new feature about credentials,@aws-sdk/credentials-provider
.This is providing credentials in consistent interface (
Credentials | CredentialsProvider
) for any authentication method. For example, if we want to use Workload Identity Federation in AWS Container (like ECS) environment, we cannot useAwsClient
because there is no metadata endpoint. It's also the case for AWS Lambda.Definition of
Credentials
:https://github.com/aws/aws-sdk-js-v3/blob/main/packages/types/src/credentials.ts#L3-L27
Definition of
CredentialProvider
:https://github.com/aws/aws-sdk-js-v3/blob/842e39638d994b518d6580dd979031c8be738017/packages/types/src/credentials.ts#L29
Definition of
Provider<T>
:https://github.com/aws/aws-sdk-js-v3/blob/842e39638d994b518d6580dd979031c8be738017/packages/types/src/util.ts#L34-L43
Describe the solution you'd like I made a patch to support
Credentials | CredentialsProvider
. #1321 This is a refined version of our quick implementation (open source) for connecting from container credentials to firebase-admin through google-auth-library. It's working code in our preview environment. (It's open, if you need more detailed information about this, we can provide. )Describe alternatives you've considered N/A
Additional context N/A