Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@aws-sdk/credential-provider-imds
Advanced tools
AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service
@aws-sdk/credential-provider-imds is a part of the AWS SDK for JavaScript. It provides a way to retrieve AWS credentials from the Instance Metadata Service (IMDS) on Amazon EC2 instances. This is particularly useful for applications running on EC2 instances that need to interact with other AWS services securely.
Retrieve Credentials from IMDS
This feature allows you to retrieve AWS credentials from the Instance Metadata Service (IMDS) on an EC2 instance. The code sample demonstrates how to use these credentials to make a call to the AWS STS service to get the caller identity.
const { fromInstanceMetadata } = require('@aws-sdk/credential-provider-imds');
const { STSClient, GetCallerIdentityCommand } = require('@aws-sdk/client-sts');
(async () => {
const client = new STSClient({
credentials: fromInstanceMetadata(),
});
const command = new GetCallerIdentityCommand({});
const response = await client.send(command);
console.log(response);
})();
Handle IMDS Timeout
This feature allows you to specify a timeout for the IMDS request. The code sample demonstrates how to set a 1-second timeout for retrieving credentials from IMDS and handle any potential errors.
const { fromInstanceMetadata } = require('@aws-sdk/credential-provider-imds');
const { STSClient, GetCallerIdentityCommand } = require('@aws-sdk/client-sts');
(async () => {
const client = new STSClient({
credentials: fromInstanceMetadata({ timeout: 1000 }), // 1 second timeout
});
const command = new GetCallerIdentityCommand({});
try {
const response = await client.send(command);
console.log(response);
} catch (error) {
console.error('Error retrieving credentials:', error);
}
})();
The 'aws-sdk' package is the previous version of the AWS SDK for JavaScript. It also provides functionality to retrieve credentials from the Instance Metadata Service (IMDS) on EC2 instances. However, the new modular AWS SDK v3, which includes @aws-sdk/credential-provider-imds, offers better performance and smaller bundle sizes.
This module provides two CredentialProvider
factory functions,
fromContainerMetadata
and fromInstanceMetadata
, that will create
CredentialProvider
functions that read from the ECS container metadata service
and the EC2 instance metadata service, respectively.
A CredentialProvider
function created with fromContainerMetadata
will return
a promise that will resolve with credentials for the IAM role associated with
containers in an Amazon ECS task. Please see IAM Roles for Tasks
for more information on using IAM roles with Amazon ECS.
A CredentialProvider
function created with fromInstanceMetadata
will return
a promise that will resolve with credentials for the IAM role associated with
an EC2 instance.
Please see IAM Roles for Amazon EC2
for more information on using IAM roles with Amazon EC2.
Both IMDSv1 (a request/response method) and IMDSv2 (a session-oriented method) are supported.
Please see Configure the instance metadata service for more information.
You may customize how credentials are resolved by providing an options hash to
the fromContainerMetadata
and fromInstanceMetadata
factory functions. The
following options are supported:
timeout
- The connection timeout (in milliseconds) to apply to any remote
requests. If not specified, a default value of 1000
(one second) is used.maxRetries
- The maximum number of times any HTTP connections should be
retried. If not specified, a default value of 0
will be used.FAQs
AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service
The npm package @aws-sdk/credential-provider-imds receives a total of 2,768,550 weekly downloads. As such, @aws-sdk/credential-provider-imds popularity was classified as popular.
We found that @aws-sdk/credential-provider-imds demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.