Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apparently dotenvi doesn't respect AWS_PROFILE or AWS_DEFAULT_PROFILE #24

Open
b3ross opened this issue May 30, 2018 · 9 comments
Open

Apparently dotenvi doesn't respect AWS_PROFILE or AWS_DEFAULT_PROFILE #24

b3ross opened this issue May 30, 2018 · 9 comments
Labels
help wanted Extra attention is needed

Comments

@b3ross
Copy link
Owner

b3ross commented May 30, 2018

@goldcaddy77 to add more information
@goldcaddy77
Copy link
Contributor

It seems to work if you hard-code your keys in ~/.aws/credentials, but doesn't work if you assume roles using ~/.aws/config. In the case where you use ~/.aws/config, it always just ends up using the AWS_DEFAULT_PROFILE.

@b3ross b3ross added the help wanted Extra attention is needed label Oct 9, 2018
@ksteiny
Copy link

ksteiny commented Oct 12, 2018

this.

@b3ross
Copy link
Owner Author

b3ross commented Oct 12, 2018

Oy I still gotta fix this!

@b3ross
Copy link
Owner Author

b3ross commented Oct 12, 2018

So some notes so I can revisit this at a later point - only have a few minutes to take a look...

The javascript SDK uses AWS_PROFILE, not AWS_DEFAULT_PROFILE, but using AWS_PROFILE causes the values to simply not be pulled in:

Could not load value ceres-connectors-salesforce-password from credstash: CredentialsError: Missing credentials in config
Could not load value ceres-connectors-salesforce-token from credstash: CredentialsError: Missing credentials in config

so there's something funky going on in the credstash node.js logic.

@ksteiny
Copy link

ksteiny commented Oct 22, 2018

@ewyler for reference to this issue

@b3ross
Copy link
Owner Author

b3ross commented Jun 23, 2019

@ksteiny I think the javascript API only respects the profiles listed in the ~/.aws/credentials file. So you'd need to have separate access and secret keys for each aws environment, and cannot use IAM to access the various environments.

@hakamadare
Copy link
Contributor

hey @b3ross i suspect you'll want to explicitly set AWS_SDK_LOAD_CONFIG in the env before initializing the SDK, see https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-region.html#setting-region-config-file - that should get you support for ~/.aws/config

@b3ross
Copy link
Owner Author

b3ross commented Mar 28, 2020

@hakamadare, ah good find.

@ksteiny does the above suggestion fix this issue? ^^^. I don't have an AWS setup available offhand to test this.

Also,
giphy (1)

@hakamadare
Copy link
Contributor

@b3ross i was able to get the desired behavior by modifying src/resolvers.ts like so:

 // set AWS_SDK_LOAD_CONFIG to pull in ~/.aws/config
 process.env.AWS_SDK_LOAD_CONFIG = "true"
 import * as AWS from 'aws-sdk';

that could possibly be more sophisticated (maybe only set it if it's unset in the environment?)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hakamadare @goldcaddy77 @b3ross @ksteiny