
I have created a role that grants access to a DynamoDB table in another account, and I obtain its temporary credentials by assuming that role through AWS STS.

// Assume the cross-account role through STS, then read one item from DynamoDB
// using whatever the assumeRole callback receives.
// STS client pinned to the global endpoint (sts.amazonaws.com) with region us-east-1.
var sts = new AWS.STS({apiVersion: '2011-06-15', region:'us-east-1', endpoint: 'https://sts.amazonaws.com'});


console.log("Before calling the assume role");
sts.assumeRole({
    // requested lifetime of the temporary credentials, in seconds
    DurationSeconds: 3600,
    RoleArn: 'arn:aws:iam::123456789012:role/crossAccount',
    RoleSessionName: 'awssdk'
}, function(err, data) {
    // On success `data` is the whole AssumeRole response, not a credentials object.
    if (err) {
        // an error occurred
        console.log('Cannot assume role');
        console.log(err, err.stack);
    } else {
        // successful response
        console.log('Role assumed');

        // Query function
        // NOTE(review): `credentials: data` hands the client the full response. The
        // temporary keys sit one level down, in data.Credentials (AccessKeyId,
        // SecretAccessKey, SessionToken), so the client finds no usable credentials;
        // this is consistent with the "Missing credentials in config" error reported.
        var dynamodb = new AWS.DynamoDB({apiVersion: '2012-08-10', credentials: data, region: 'eu-west-1'});
        // NOTE(review): this serializes the client object into the log. If the
        // serialized form includes the client config, the temporary keys held in
        // `data` are written to the log as well (confirm, and log only non-secret
        // fields such as the region).
        console.log("dynamo db   " + JSON.stringify(dynamodb));



        // Look up the item whose string key "Tid" equals "123" in table "MYTable".
        var params = {
            Key: {
            "Tid": {
            S: "123"
        },
        },
            TableName: "MYTable"
        };

        // The inner callback's `err` and `data` shadow the outer assumeRole ones.
        dynamodb.getItem(params, function(err, data) {
            if (err) { console.log(err, err.stack); console.log("failed"); }// an error occurred
            else  {   console.log(data);  console.log("success"); }         // successful response
        });
        // The listing stops here; the closing of the else branch and of the
        // assumeRole callback is not shown.

Following is the exact error :

{ CredentialsError: Missing credentials in config at credError (/var/task/node_modules/aws-sdk/lib/config.js:317:40) at getStaticCredentials (/var/task/node_modules/aws-sdk/lib/config.js:338:15) at Config.getCredentials

Thanks


2 Answers


Judging by the error, I think you are missing the client configuration. Try the following:

python

    # STS client built from the default credential provider chain; it is used
    # first to show which identity the caller starts with.
    base_sts = boto3.client('sts')
    caller_arn = base_sts.get_caller_identity()['Arn']
    print('Default Provider Identity: : ' + caller_arn)

    # Ask STS for temporary credentials of the target role.
    assume_args = {
        'RoleArn': 'arn:aws:iam::123456789012:role/roleName',
        'RoleSessionName': 'test_session',
    }
    temp = base_sts.assume_role(**assume_args)['Credentials']

    # Second client that signs with the temporary keys only. They are passed to
    # this one client rather than installed as process-wide defaults, so other
    # clients keep using the original identity.
    role_sts = boto3.client(
        'sts',
        aws_access_key_id=temp['AccessKeyId'],
        aws_secret_access_key=temp['SecretAccessKey'],
        aws_session_token=temp['SessionToken'],
    )

    # Confirm the switch by printing the ARN; the key material itself is never printed.
    print('AssumedRole Identity: ' + role_sts.get_caller_identity()['Arn'])

node

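    /**
     * Assume the cross-account role through STS and return its temporary
     * credentials, keyed the way `new AWS.Credentials(...)` or a client's
     * `credentials` option takes them.
     *
     * The returned object contains secret key material: pass it only to the
     * clients that need cross-account access and do not log it. The keys stop
     * working once the requested DurationSeconds has elapsed.
     *
     * @returns {Promise<{accessKeyId: string, secretAccessKey: string, sessionToken: string}>}
     *   temporary credentials of the assumed role
     * @throws rejects with the STS error when the role cannot be assumed
     */
    const getSTS = async () => {
      const sts = new AWS.STS({ region: process.env.REGION });
      const params = {
        RoleArn: 'arn:aws:iam::1234567890:role/someRole',
        RoleSessionName: 'CrossAccountCredentials',
        // must equal the external ID required by the role's trust policy, if it sets one
        ExternalId: '1234567-1234-1234-1234-123456789012',
        DurationSeconds: 3600,
      };

      const { Credentials } = await sts.assumeRole(params).promise();
      // Progress message only: no global SDK configuration is changed here.
      console.log('Changed Credentials');

      // STS answers with PascalCase fields; SDK clients read camelCase ones.
      // Return the mapped object so the caller can actually use it, instead of
      // building it and discarding it.
      return {
        accessKeyId: Credentials.AccessKeyId,
        secretAccessKey: Credentials.SecretAccessKey,
        sessionToken: Credentials.SessionToken,
      };
    };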

Wrapping the values returned by STS in an AWS.Credentials object resolves the getStaticCredentials error, because the client then receives the access key ID, secret access key and session token under the property names it expects. You can use the same credentials object for other resources as well, provided the role has permission for them. It also lets you use the assumed-role credentials only on the clients that need to reach the other AWS account, so you don't need to set credentials globally.

var sts = new AWS.STS({apiVersion: '2011-06-15', region:'us-east-1', endpoint: 'https://sts.amazonaws.com'});


console.log("Before calling the assume role");
sts.assumeRole({
    DurationSeconds: 3600,
    RoleArn: 'arn:aws:iam::123456789012:role/crossAccount',
    RoleSessionName: 'awssdk'
}, function(err, data) {
    if (err) {
        // an error occurred
        console.log('Cannot assume role');
        console.log(err, err.stack);
    } else {
        // successful response
        console.log('Role assumed');

        // resolving static credential
        var creds = new AWS.Credentials({
          accessKeyId: data.Credentials.AccessKeyId,
          secretAccessKey: data.Credentials.SecretAccessKey,
          sessionToken: data.Credentials.SessionToken
        });

        // Query function
        var dynamodb = new AWS.DynamoDB({apiVersion: configuration.API_VERSION, credentials:  creds, region: configuration.REGION});
        console.log("dynamo db   " + JSON.stringify(dynamodb));
        var params = {
            Key: {
              "Tid": {
                S: "123"
              },
            },
            TableName: "MYTable"
        };

        dynamodb.getItem(params, function(err, data) {
            if (err) { console.log(err, err.stack); console.log("failed"); }// an error occurred
            else  {   console.log(data);  console.log("success"); }         // successful response
        });
    }