In my Node.js app, I have been using aws-sdk (2.x) to get S3 objects. The code below works pretty fine.
```javascript
const AWS = require("aws-sdk");

// S3 client built with static, hardcoded credentials
const S3 = new AWS.S3({
  accessKeyId: 'actual_accessKeyId',
  secretAccessKey: 'actual_secretAccessKey',
  region: 'region',
  signatureVersion: "v4",
});

// List the objects under a prefix in the given bucket
const listBucketContent = (filePath, bucketName) => {
  const params = { Bucket: bucketName, Prefix: filePath };
  return S3.listObjects(params).promise();
};
```
However, as you can see above, I use hardcoded accesskey and secretaccesskey.

I actually don't want to use accesskey and secretAccesskey.

I have AWS SSO configured on my machine, which looks something like below:
```ini
[profile AWS-XXX]
sso_start_url = https://XXX.XXX.com/start/#
sso_region = XXXXX
sso_account_id = XXXXXXXXXX
sso_role_name = XXXAdministratorAccess
region = XXXX
```
I want to use SSO directly but don't seem to find any way or articles to use it with aws-sdk.

So how can I get S3 objects using AWS SSO?
2 Answers
An example for the aws-sdk for C# is documented in AWS Docs here.
There are equivalent methods and a class to use for the AWS SDK for JavaScript v2. End of support for v2 is upcoming, so it's better to use v3, but it seems that you need to do the login (manually or programmatically) prior to the execution of the code.
In SSO (the modern IAM), the key rotates every once in a while. You need to configure it only once with a role that you will assume during login and that will correlate to the relevant account/environment/console you manage.
Follow this configuration; you can configure the role to have limited permissions.
More documentation here:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-your-credentials.html
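Both answers note that an SSO login has to happen before the code runs. The following is an added example, not code from the question or the answers: a pre-flight check using only Node.js built-ins that finds the cached SSO token for a profile and reports whether `aws sso login` is needed. It assumes a profile that sets `sso_start_url` directly (as in the question), for which the token is cached under `~/.aws/sso/cache/` in a file named after the SHA-1 of the start URL; the sample profile and all function names are constructed for illustration.

```javascript
const crypto = require("crypto");
const os = require("os");
const path = require("path");

// Constructed sample of ~/.aws/config (placeholder values, not a real account).
const SAMPLE_CONFIG = `
[profile example-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111122223333
sso_role_name = ReadOnlyAccess
region = us-east-1
`;

// Parse the text of an AWS config file into { profileName: { key: value } }.
function parseAwsConfig(text) {
  const profiles = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const section = line.match(/^\[(?:profile\s+)?(.+?)\]$/);
    if (section) {
      current = profiles[section[1]] = {};
      continue;
    }
    const eq = line.indexOf("=");
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// Path of the cached login token for a profile that sets sso_start_url directly.
function ssoTokenCachePath(profile, homeDir = os.homedir()) {
  if (!profile || !profile.sso_start_url) throw new Error("profile has no sso_start_url");
  const name = crypto.createHash("sha1").update(profile.sso_start_url).digest("hex");
  return path.join(homeDir, ".aws", "sso", "cache", `${name}.json`);
}

// True when the cached token is missing, malformed, expired or about to expire,
// i.e. `aws sso login --profile <name>` must be run before the app starts.
function needsSsoLogin(cachedToken, now = new Date(), skewMs = 5 * 60 * 1000) {
  if (!cachedToken || !cachedToken.accessToken || !cachedToken.expiresAt) return true;
  const expires = Date.parse(cachedToken.expiresAt);
  return Number.isNaN(expires) || expires - now.getTime() <= skewMs;
}
```

At startup, read the file returned by `ssoTokenCachePath`, pass the parsed JSON to `needsSsoLogin`, and fail with a prompt to log in rather than falling back to static keys.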