Why do I need to hardcode credentials to connect to AWS using the JavaScript SDK?


Problem description

I've asked this other question here that leads me to believe, by default, the JavaScript AWS SDK looks for credentials in a number of places in your environment without you having to do anything. The order of places it checks is listed here: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html

I've got some working code that connects to AWS Athena. I can only get it to work if I hardcode the credentials manually, which seems to contradict the documentation above. Here is my code:

import * as AWS from "aws-sdk";
import * as fs from "fs";
import * as os from "os";

export const getAthena = (): AWS.Athena => {
    if (process.env["LOCAL_MODE"] === "true") {
        const awsCredentials = {
            region: "us-east-1",
            accessKeyId: awsCredentialsParser("aws_access_key_id"),
            secretAccessKey: awsCredentialsParser("aws_secret_access_key"),
            sessionKey: awsCredentialsParser("aws_session_token")
        };
        AWS.config.update(awsCredentials);
        let credential = new AWS.Credentials({
            accessKeyId: awsCredentials.accessKeyId,
            secretAccessKey: awsCredentials.secretAccessKey,
            sessionToken: awsCredentials.sessionKey
        });
        return new AWS.Athena({credentials: credential, signatureCache: false});
    } else {
        const awsCredentials1 = {
            region: "us-east-1",
            accessKeyId: undefined,
            secretAccessKey: undefined,
            sessionKey: undefined
        };
        AWS.config.update(awsCredentials1);
        return new AWS.Athena({credentials: undefined, signatureCache: false});
    }
};

export const awsCredentialsParser = (key: string): string => {
    const homeDirectory = os.homedir();
    const awsCredentials = fs.readFileSync(homeDirectory + "/.aws/credentials", {encoding: "UTF8"});
    const awsCredentialLines = awsCredentials.split("\n");
    const lineThatStartsWithKey = awsCredentialLines.filter((line) => line.startsWith(key))[0];
    return lineThatStartsWithKey.split(" = ")[1];
};

As you can see, I am using an environment variable called "LOCAL_MODE". If this is set to true, it grabs credentials from my shared credential file. Whereas, if you're not in local mode, it sets all credentials to undefined and relies on the IAM role instead. Isn't the documentation saying I don't have to do this?

But, if I change my code to this, any call to Athena hangs until it times out:

export const getAthena = (): AWS.Athena => {
    return new AWS.Athena();
};

If I set the timeout to a really large number, it eventually will let me know that I have invalid credentials.

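According to the documentation, shouldn't the second example find the credentials just like the first one does? Why does the second example hang? I don't want to have to write the code above. How do I make my code work like the examples?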


  1. Am I somehow creating AWS.Athena() the wrong way in the 2nd example?
  2. How do I troubleshoot this to figure out why it's hanging?
  3. According to the documentation, shouldn't the bottom example be doing the same thing as the top?


Recommended answer

So after an investigation it seems that this (i.e. the failure on your second snippet) is because you don't have the [default] profile in your .aws/credentials file, which is a special profile. I assume that the client uses empty strings (or nulls or something) when it can't find it, which I find amusing, to be honest (it should throw an exception).

Anyway, to fix that, either rename the profile you have to [default] or set up a different profile in your code. Here are the relevant docs:

https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-shared.html

I recommend using the AWS_PROFILE environment variable. It will make your code more portable.
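
The profile selection described in the answer can be checked without hardcoding anything. This is an added example, not part of the original answer or the AWS SDK: it parses shared-credentials text section by section and reports whether the selected profile (AWS_PROFILE, else "default") exists. The function names and the sample file contents are constructed for illustration.

```javascript
// Constructed sample: one named profile, no [default] section. Keys are fake.
const SAMPLE_CREDENTIALS = [
  "[work-account]",
  "aws_access_key_id = AKIAEXAMPLEKEYID0000",
  "aws_secret_access_key = constructed/secret+value==",
  "aws_session_token = constructedSessionToken",
].join("\n");

// Parse shared-credentials INI text into { profile: { key: value } }.
function parseProfiles(text) {
  const profiles = Object.create(null);
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#") || line.startsWith(";")) continue;
    const header = line.match(/^\[(.+)\]$/);
    if (header) {
      current = profiles[header[1].trim()] = Object.create(null);
      continue;
    }
    const eq = line.indexOf("="); // split on the first "=" only; values may contain "="
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// Report which profile is selected (AWS_PROFILE, else "default") and whether it is usable.
// Real use: diagnose(fs.readFileSync(os.homedir() + "/.aws/credentials", "utf8"), process.env)
function diagnose(text, env = {}) {
  const profiles = parseProfiles(text);
  const selected = env.AWS_PROFILE || "default";
  const entry = profiles[selected];
  const required = ["aws_access_key_id", "aws_secret_access_key"];
  const missingKeys = entry ? required.filter((k) => !entry[k]) : required;
  return {
    selected,
    available: Object.keys(profiles),
    found: Boolean(entry),
    usable: Boolean(entry) && missingKeys.length === 0,
    missingKeys,
  };
}

console.log(diagnose(SAMPLE_CREDENTIALS));
console.log(diagnose(SAMPLE_CREDENTIALS, { AWS_PROFILE: "work-account" }));
```

When the report shows `found: false`, set AWS_PROFILE to one of the `available` names or add a [default] section, as the answer suggests.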
