I'm working on a React/Node.js app and I'm trying to read my IAM User credentials from ~/.aws/credentials file. I am trying to use fromIni from the @aws-sdk/credential-providers node package. According to the AWS SDK v3 documentation, I can do the following:
import { fromIni } from "@aws-sdk/credential-providers"; // ES6 import
// const { fromIni } = require("@aws-sdk/credential-providers"); // CommonJS import
const client = new FooClient({
credentials: fromIni({
// Optional. The configuration profile to use. If not specified, the provider will use the value
// in the `AWS_PROFILE` environment variable or a default of `default`.
profile: "profile",
// Optional. The path to the shared credentials file. If not specified, the provider will use
// the value in the `AWS_SHARED_CREDENTIALS_FILE` environment variable or a default of
// `~/.aws/credentials`.
filepath: "~/.aws/credentials",
// Optional. The path to the shared config file. If not specified, the provider will use the
// value in the `AWS_CONFIG_FILE` environment variable or a default of `~/.aws/config`.
configFilepath: "~/.aws/config",
// Optional. A function that returns a a promise fulfilled with an MFA token code for the
// provided MFA Serial code. If a profile requires an MFA code and `mfaCodeProvider` is not a
// valid function, the credential provider promise will be rejected.
mfaCodeProvider: async (mfaSerial) => {
return "token";
},
// Optional. Custom STS client configurations overriding the default ones.
clientConfig: { region },
}),
});
But when I try this in my index.js file:
import { fromIni } from '@aws-sdk/credential-providers';
const createLink = {
url: config.aws_appsync_graphqlEndpoint,
region: config.aws_appsync_region,
auth: {
type: config.aws_appsync_authenticationType,
credentials: fromIni()
}
};
and then run npm start, I get the following error:
export 'fromIni' (imported as 'fromIni') was not found in '@aws-sdk/credential-providers' (possible exports: fromCognitoIdentity, fromCognitoIdentityPool, fromTemporaryCredentials, fromWebToken)
It seems like the function I want isn't exported from the package but the documentation says otherwise.
Edit:
The output to @aws-sdk/credential-providers @aws-sdk/credential-provider-ini
port-dashboard@0.1.0 C:\Users\kshang\Documents\pov-ui
├─┬ @aws-sdk/client-cognito-identity-provider@3.79.0
│ ├─┬ @aws-sdk/client-sts@3.79.0
│ │ └─┬ @aws-sdk/credential-provider-node@3.79.0
│ │ └── @aws-sdk/credential-provider-ini@3.79.0
│ └─┬ @aws-sdk/credential-provider-node@3.79.0
│ └── @aws-sdk/credential-provider-ini@3.79.0
├─┬ @aws-sdk/credential-providers@3.79.0
│ ├─┬ @aws-sdk/client-cognito-identity@3.79.0
│ │ └─┬ @aws-sdk/credential-provider-node@3.79.0
│ │ └── @aws-sdk/credential-provider-ini@3.79.0 deduped
│ └── @aws-sdk/credential-provider-ini@3.79.0
└─┬ aws-amplify@4.3.20
├─┬ @aws-amplify/analytics@5.2.5
│ └─┬ @aws-sdk/client-firehose@3.6.1
│ └─┬ @aws-sdk/credential-provider-node@3.6.1
│ ├── @aws-sdk/credential-provider-ini@3.6.1
│ └─┬ @aws-sdk/credential-provider-process@3.6.1
│ └── @aws-sdk/credential-provider-ini@3.6.1 deduped
└─┬ @aws-amplify/geo@1.3.1
└─┬ @aws-sdk/client-location@3.48.0
└─┬ @aws-sdk/credential-provider-node@3.48.0
└── @aws-sdk/credential-provider-ini@3.48.0
Update: After doing more research and talking to some AWS Experts, it turns out we'll need to use Amazon Cognito in order to get credentials for our Browser based app.
I get the same error trying to use fromIni() for a simple CreateInvalidationCommand using the CloudFrontClient.
Trying to configure the client without the credentials key results in a Error: Credential is missing
My current workaround for developing locally is using a .env.local file, and using the accessKeyId and secretAccessKey properties for my config:
const cloudfront = new CloudFrontClient({
credentials: {
accessKeyId: process.env.REACT_APP_AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.REACT_APP_SECRET_ACCESS_KEY,
},
region: "us-east-1",
});
Which is obviously not ideal, but it works locally for testing and development.
I also wanted to note that fromEnv() is also missing from the exports. Which causes issues with this workaround in EC2 instances.
Either way, hoping to see this resolved in an update soon.
cache-invalidator@0.1.0 /Users/miguelmaldonado/Desktop/projects/prototypes/cache-invalidator
├─┬ @aws-sdk/client-cloudfront@3.85.0
│ └─┬ @aws-sdk/credential-provider-node@3.85.0
│ └── @aws-sdk/credential-provider-ini@3.85.0 deduped
└─┬ @aws-sdk/credential-providers@3.85.0
└── @aws-sdk/credential-provider-ini@3.85.0