search

tweedegolf / storage-abstraction

Provides an abstraction layer for interacting with a storage; the storage can be local or in the cloud.
MIT License
106 stars 18 forks source link

Unable to use AWS env vars or AWS ECS credentials implicitly when using S3 adapter #24

Closed zionsg closed 1 year ago

zionsg commented 2 years ago

Hi, having an issue where the application is being deployed on AWS ECS Fargate and the access to S3 is defined by the ECS task role, hence no AWS IAM user to issue the usual access key and secret.

In AWS's own Node.js SDK, it is possible to skip the passing in of the access key and secret, and the AWS SDK will automatically read it from a chain of providers, e.g. from env vars or the ECS task role.

However, your library requires the passing in of the AWS credentials at https://github.com/tweedegolf/storage-abstraction/blob/master/src/AdapterAmazonS3.ts

    if (!cfg.accessKeyId || !cfg.secretAccessKey) {
      throw new Error(
        "You must specify a value for both 'applicationKeyId' and  'applicationKey' for storage type 's3'"
      );
    }

Would it be possible to remove this check and let the check be done by the AWS SDK instead?

This flow shows how AWS SDK will automatically search out the credentials from various sources if not provided:

This flow shows how the AWS S3 client makes use of the credential providers

abudaan commented 1 year ago

In version 1.4.5 a new key skipCheck has been added to the configuration object. This allows you to let the AWS SDK do the check:

const config = {
  type: StorageType.S3,
  skipCheck: true,
};
const s = new Storage(config);