aws-sdk#Credentials TypeScript Examples
The following examples show how to use
aws-sdk#Credentials.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AwsS3UrlReader.ts From backstage with Apache License 2.0 | 6 votes |
|
/**
* If accessKeyId and secretAccessKey are missing, the standard credentials provider chain will be used:
* https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html
*/
private static buildCredentials(
integration?: AwsS3Integration,
): Credentials | CredentialsOptions | undefined {
if (!integration) {
return undefined;
}
const accessKeyId = integration.config.accessKeyId;
const secretAccessKey = integration.config.secretAccessKey;
let explicitCredentials: Credentials | undefined;
if (accessKeyId && secretAccessKey) {
explicitCredentials = new Credentials({
accessKeyId,
secretAccessKey,
});
}
const roleArn = integration.config.roleArn;
if (roleArn) {
return new aws.ChainableTemporaryCredentials({
masterCredentials: explicitCredentials,
params: {
RoleSessionName: 'backstage-aws-s3-url-reader',
RoleArn: roleArn,
ExternalId: integration.config.externalId,
},
});
}
return explicitCredentials;
}
Example #2
| Source File: AwsOrganizationCloudAccountProcessor.ts From backstage with Apache License 2.0 | 6 votes |
|
private static buildCredentials(
config: AwsOrganizationProviderConfig,
): Credentials | undefined {
const roleArn = config.roleArn;
if (!roleArn) {
return undefined;
}
return new AWS.ChainableTemporaryCredentials({
params: {
RoleSessionName: 'backstage-aws-organization-processor',
RoleArn: roleArn,
},
});
}
Example #3
| Source File: AwsIamKubernetesAuthTranslator.ts From backstage with Apache License 2.0 | 6 votes |
|
awsGetCredentials = async (): Promise<Credentials> => {
return new Promise((resolve, reject) => {
AWS.config.getCredentials(err => {
if (err) {
return reject(err);
}
return resolve(AWS.config.credentials as Credentials);
});
});
};
Example #4
| Source File: awsS3.ts From backstage with Apache License 2.0 | 6 votes |
|
private static buildCredentials(
config?: Config,
): Credentials | CredentialsOptions | undefined {
if (!config) {
return undefined;
}
const accessKeyId = config.getOptionalString('accessKeyId');
const secretAccessKey = config.getOptionalString('secretAccessKey');
let explicitCredentials: Credentials | undefined;
if (accessKeyId && secretAccessKey) {
explicitCredentials = new Credentials({
accessKeyId,
secretAccessKey,
});
}
const roleArn = config.getOptionalString('roleArn');
if (roleArn) {
return new aws.ChainableTemporaryCredentials({
masterCredentials: explicitCredentials,
params: {
RoleSessionName: 'backstage-aws-techdocs-s3-publisher',
RoleArn: roleArn,
},
});
}
return explicitCredentials;
}
Example #5
| Source File: AwsCredentials.ts From backstage with Apache License 2.0 | 5 votes |
|
/**
* If accessKeyId and secretAccessKey are missing, the DefaultAWSCredentialsProviderChain will be used:
* https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html
*/
static create(
config: {
accessKeyId?: string;
secretAccessKey?: string;
roleArn?: string;
},
roleSessionName: string,
): Credentials | CredentialsOptions | undefined {
if (!config) {
return undefined;
}
const accessKeyId = config.accessKeyId;
const secretAccessKey = config.secretAccessKey;
let explicitCredentials: Credentials | undefined;
if (accessKeyId && secretAccessKey) {
explicitCredentials = new Credentials({
accessKeyId,
secretAccessKey,
});
}
const roleArn = config.roleArn;
if (roleArn) {
return new aws.ChainableTemporaryCredentials({
masterCredentials: explicitCredentials,
params: {
RoleArn: roleArn,
RoleSessionName: roleSessionName,
},
});
}
return explicitCredentials;
}
Example #6
| Source File: AwsIamKubernetesAuthTranslator.ts From backstage with Apache License 2.0 | 5 votes |
|
async getCredentials(
assumeRole?: string,
externalId?: string,
): Promise<SigningCreds> {
return new Promise<SigningCreds>(async (resolve, reject) => {
const awsCreds = await this.awsGetCredentials();
if (!(awsCreds instanceof Credentials))
return reject(Error('No AWS credentials found.'));
let creds: SigningCreds = {
accessKeyId: awsCreds.accessKeyId,
secretAccessKey: awsCreds.secretAccessKey,
sessionToken: awsCreds.sessionToken,
};
if (!this.validCredentials(creds))
return reject(Error('Invalid AWS credentials found.'));
if (!assumeRole) return resolve(creds);
try {
const params: AWS.STS.Types.AssumeRoleRequest = {
RoleArn: assumeRole,
RoleSessionName: 'backstage-login',
};
if (externalId) params.ExternalId = externalId;
const assumedRole = await new AWS.STS().assumeRole(params).promise();
if (!assumedRole.Credentials) {
throw new Error(`No credentials returned for role ${assumeRole}`);
}
creds = {
accessKeyId: assumedRole.Credentials.AccessKeyId,
secretAccessKey: assumedRole.Credentials.SecretAccessKey,
sessionToken: assumedRole.Credentials.SessionToken,
};
} catch (e) {
console.warn(`There was an error assuming the role: ${e}`);
return reject(Error(`Unable to assume role: ${e}`));
}
return resolve(creds);
});
}
