问题描述
我正在测试@ aws-sdk版本3,并且试图从配置文件中加载配置文件(效果很好),然后承担角色。这是我不知道该怎么做的地方。在aws-sdk版本2中,我确实喜欢这样
AWS.config.credentials = new AWS.TemporaryCredentials({
RoleArn: 'arn:aws:iam::XXX:role/XXX',},new AWS.SharedIniFileCredentials({ profile: 'myprofile' }));
}
如何使用新的SDK执行相同的操作?要只传递个人资料名称,我这样做
const { SSM } = require('@aws-sdk/client-ssm-node');
const ssm = new SSM({
profile: 'myprofile'
});
我已经安装了@ aws-sdk / credential-provider-node和@ aws-sdk / credential-provider-ini,但没有成功弄清楚如何传递所需的凭据,此处的文档{{3 }}并没有告诉我太多。那么,我该怎么做?
解决方法
原来,我看错了nuget包。承担角色是做到这一点的一种方法。
const { SSM } = require('@aws-sdk/client-ssm-node');
const { STSClient,AssumeRoleCommand } = require('@aws-sdk/client-sts-node');
const sTS = new STSClient({ profile: 'myProfile' });
const params = {
RoleArn: 'arn:aws:iam::XXX:role/XXX',RoleSessionName: 'tempUser',};
const assumeRoleCommand = new AssumeRoleCommand(params);
let assumedRole = null;
try {
assumedRole = await sTS.send(assumeRoleCommand);
} catch (error) {
console.log(error);
}
const ssm = new SSM({
profile: 'myProfile',credentials: {
accessKeyId: assumedRole.Credentials.AccessKeyId,secretAccessKey: assumedRole.Credentials.SecretAccessKey,expiration: assumedRole.Credentials.Expiration,sessionToken: assumedRole.Credentials.SessionToken,},});