kmamykin / aws-mqtt

Serverless PubSub using AWS IoT message broker
MIT License

[Question, Feature] Use sts.AssumeRole credentials possible? #20

Open MichaelHindley opened 5 years ago

MichaelHindley commented 5 years ago

Hi!

Using this awesome client as a PubSub broker for Apollo GraphQL. While doing so I initially tried to make it work using sts.AssumeRole but noticed that there needs to be compatible refresh and get methods on the credentials object passed in, like the Cognito example.

I've tried to implement them but with little success, getting errors with invalid/missing credentials, and I'm wondering if this is even possible at all. I can't seem to find anything to confirm or deny this in the IoT docs, or what the expected shape should be for those invocations.

With some pointers I'd be able to add this functionality to the client I think, if it's feasible at all :)

kmamykin commented 5 years ago

I'm afraid this is more of an AWS library question than something specific to AWSMqtt. This library only expects the passed credential object to have an async get function that calls back when credentials are loaded or refreshed, then creates a signed url with them. https://github.com/kmamykin/aws-mqtt/blob/b373503d8371e2d6ab7d25d99af31cef585bdabc/src/urlSigner.js#L35

I would try something like this:

const sts = new AWS.STS();
const myStsCredentials = {
    accessKeyId: null,
    secretAccessKey: null,
    sessionToken: null,
    // aws-mqtt calls get(callback) before signing the connection URL
    get: function (callback) {
        const thisObj = this;
        sts.assumeRole({...}, function (err, data) {
            if (err) return callback(err); // an error occurred
            else {  // successful response: copy the temporary credentials onto this object
                thisObj.accessKeyId = data.Credentials.AccessKeyId;
                thisObj.secretAccessKey = data.Credentials.SecretAccessKey;
                thisObj.sessionToken = data.Credentials.SessionToken; // must be spelled sessionToken, or the signer sees no token
                return callback(null, thisObj);
            }
        });
    }
}
const client = new AWSMqttClient({
    credentials: myStsCredentials,
    ...
})
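The get/refresh shape described in the comment above, carried through as an added example that is not code from the aws-mqtt project or its author: a credentials object that caches the AssumeRole result and refreshes it shortly before the temporary credentials expire, so every signed URL is built from valid credentials. The `assumeRole` function is injected so the example runs offline (in real code pass a wrapper around `new AWS.STS().assumeRole`); `createAssumeRoleCredentials`, the `opts` clock/skew parameters and the sample role ARN in the usage are assumptions.

```javascript
// Hypothetical helper: builds a credentials object with the get()/refresh()
// shape aws-mqtt expects, backed by STS AssumeRole with caching and early refresh.
// assumeRole(params, cb) stands in for new AWS.STS().assumeRole so this runs offline.
function createAssumeRoleCredentials(assumeRole, params, opts = {}) {
  const now = opts.now || (() => Date.now());            // injectable clock (for tests)
  const skewMs = opts.skewMs === undefined ? 60 * 1000 : opts.skewMs; // refresh 1 min early
  let inflight = null; // callbacks waiting on one shared in-flight AssumeRole call

  const creds = {
    accessKeyId: null,
    secretAccessKey: null,
    sessionToken: null,
    expireTime: null,
    // True when nothing is cached or the cached credentials are about to expire.
    needsRefresh() {
      return !creds.accessKeyId || !creds.expireTime ||
        creds.expireTime.getTime() - skewMs <= now();
    },
    // Always call STS; on success copy the temporary credentials onto this object.
    refresh(callback) {
      if (inflight) { inflight.push(callback); return; } // coalesce concurrent refreshes
      inflight = [callback];
      assumeRole(params, (err, data) => {
        const waiters = inflight;
        inflight = null;
        if (!err) {
          const c = data.Credentials;
          creds.accessKeyId = c.AccessKeyId;
          creds.secretAccessKey = c.SecretAccessKey;
          creds.sessionToken = c.SessionToken;        // SessionToken, not "Tocken"
          creds.expireTime = new Date(c.Expiration);  // SDK returns a Date or ISO string
        }
        waiters.forEach((cb) => cb(err || null, err ? undefined : creds));
      });
    },
    // What aws-mqtt calls before signing a URL: reuse cached credentials while valid.
    get(callback) {
      if (!creds.needsRefresh()) return callback(null, creds);
      creds.refresh(callback);
    },
  };
  return creds;
}

// Usage (constructed sample ARN): pass the object as `credentials` to AWSMqttClient.
// const creds = createAssumeRoleCredentials(
//   (p, cb) => new AWS.STS().assumeRole(p, cb),
//   { RoleArn: 'arn:aws:iam::123456789012:role/example-role', RoleSessionName: 'mqtt' });
```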