How can I load a profile from .configuration file and assume a role based on the role arn?

0
votes

I'm testing @aws-sdk version 3 and I'm trying to load a profile from my configuration file (which works fine) and then assume a role. This is where I can't figure out how to do that. In aws-sdk version 2 I do like this

AWS.config.credentials = new AWS.TemporaryCredentials({
    RoleArn: 'arn:aws:iam::XXX:role/XXX',
    }, new AWS.SharedIniFileCredentials({ profile: 'myprofile' }));
}

How do I do the same thing using the new sdk? To just pass the profile name I do this

const { SSM } = require('@aws-sdk/client-ssm-node');
const ssm = new SSM({
    profile: 'myprofile'
});

I have installed both @aws-sdk/credential-provider-node and @aws-sdk/credential-provider-ini but with no success in figuring out how to pass the credentials like I want, the documentation here https://www.npmjs.com/package/@aws-sdk/credential-provider-node doesn't tell me much. So, how do I do that?

1
amazon-web-servicesaws-sdk-nodejs

1 Answers

0
votes

It turns out I looked at the wrong nuget package. To assume a role this is one way to do it.

const { SSM } = require('@aws-sdk/client-ssm-node');
const { STSClient, AssumeRoleCommand } = require('@aws-sdk/client-sts-node');
const sTS = new STSClient({ profile: 'myProfile' });
const params = {
    RoleArn: 'arn:aws:iam::XXX:role/XXX',
    RoleSessionName: 'tempUser',
};

const assumeRoleCommand = new AssumeRoleCommand(params);
let assumedRole = null;
try {
    assumedRole = await sTS.send(assumeRoleCommand);
} catch (error) {
    console.log(error);
}

const ssm = new SSM({
    profile: 'myProfile',
    credentials: {
        accessKeyId: assumedRole.Credentials.AccessKeyId,
        secretAccessKey: assumedRole.Credentials.SecretAccessKey,
        expiration: assumedRole.Credentials.Expiration,
        sessionToken: assumedRole.Credentials.SessionToken,
    },
});