Employee Spotlight
From Academia to Industry
Philipp Burckhardt recounts his journey from childhood computer fascinations, to building an e-learning platform at Carnegie Mellon University, and on to his current role at Socket.
@aws-sdk/credential-provider-imds
Advanced tools
AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service
Package description
@aws-sdk/credential-provider-imds is a part of the AWS SDK for JavaScript. It provides a way to retrieve AWS credentials from the Instance Metadata Service (IMDS) on Amazon EC2 instances. This is particularly useful for applications running on EC2 instances that need to interact with other AWS services securely.
Retrieve Credentials from IMDS
This feature allows you to retrieve AWS credentials from the Instance Metadata Service (IMDS) on an EC2 instance. The code sample demonstrates how to use these credentials to make a call to the AWS STS service to get the caller identity.
const { fromInstanceMetadata } = require('@aws-sdk/credential-provider-imds');
const { STSClient, GetCallerIdentityCommand } = require('@aws-sdk/client-sts');
(async () => {
const client = new STSClient({
credentials: fromInstanceMetadata(),
});
const command = new GetCallerIdentityCommand({});
const response = await client.send(command);
console.log(response);
})();
Handle IMDS Timeout
This feature allows you to specify a timeout for the IMDS request. The code sample demonstrates how to set a 1-second timeout for retrieving credentials from IMDS and handle any potential errors.
const { fromInstanceMetadata } = require('@aws-sdk/credential-provider-imds');
const { STSClient, GetCallerIdentityCommand } = require('@aws-sdk/client-sts');
(async () => {
const client = new STSClient({
credentials: fromInstanceMetadata({ timeout: 1000 }), // 1 second timeout
});
const command = new GetCallerIdentityCommand({});
try {
const response = await client.send(command);
console.log(response);
} catch (error) {
console.error('Error retrieving credentials:', error);
}
})();
The 'aws-sdk' package is the previous version of the AWS SDK for JavaScript. It also provides functionality to retrieve credentials from the Instance Metadata Service (IMDS) on EC2 instances. However, the new modular AWS SDK v3, which includes @aws-sdk/credential-provider-imds, offers better performance and smaller bundle sizes.
The 'aws-ec2-metadata' package provides a simple interface to retrieve metadata and user data from the EC2 instance metadata service. While it can retrieve instance metadata, it does not directly provide AWS credentials like @aws-sdk/credential-provider-imds.
The 'aws-sdk-credentials' package is a lightweight library for managing AWS credentials. It supports various credential providers, including environment variables and shared credentials files, but does not specifically focus on retrieving credentials from the Instance Metadata Service (IMDS) like @aws-sdk/credential-provider-imds.
Changelog
1.0.0-rc.2 (2020-10-22)
Readme
This module provides two CredentialProvider
factory functions,
fromContainerMetadata
and fromInstanceMetadata
, that will create
CredentialProvider
functions that read from the ECS container metadata service
and the EC2 instance metadata service, respectively.
A CredentialProvider
function created with fromContainerMetadata
will return
a promise that will resolve with credentials for the IAM role associated with
containers in an Amazon ECS task. Please see IAM Roles for Tasks
for more information on using IAM roles with Amazon ECS.
A CredentialProvider
function created with fromInstanceMetadata
will return
a promise that will resolve with credentials for the IAM role associated with
an EC2 instance. Please see IAM Roles for Amazon EC2
for more information on using IAM roles with Amazon EC2.
You may customize how credentials are resolved by providing an options hash to
the fromContainerMetadata
and fromInstanceMetadata
factory functions. The
following options are supported:
timeout
- The connection timeout (in milliseconds) to apply to any remote
requests. If not specified, a default value of 1000
(one second) is used.maxRetries
- The maximum number of times any HTTP connections should be
retried. If not specified, a default value of 0
will be used.Additionally, fromInstanceMetadata
supports the following options:
profile
- The configuration profile to use. If not specified, the provider
will use default profile name associated with the EC2 instance as reported by
the Instance Metadata Service.FAQs
AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service
The npm package @aws-sdk/credential-provider-imds receives a total of 2,973,220 weekly downloads. As such, @aws-sdk/credential-provider-imds popularity was classified as popular.
We found that @aws-sdk/credential-provider-imds demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Employee Spotlight
Philipp Burckhardt recounts his journey from childhood computer fascinations, to building an e-learning platform at Carnegie Mellon University, and on to his current role at Socket.
Security News
Git dependencies in open source packages can introduce significant risks, including lack of version control, stability issues, dependency drift, and difficulty in auditing, making them potential targets for supply chain attacks.
Security News
Node.js has added experimental support for TypeScript, a move that highlights the growing importance of TypeScript in modern development.