@roadiehq/backstage-plugin-aws-auth
Advanced tools
Backend plugin that generates temporary credentials in order to perform requests to aws services from backstage's frontend
This is an example how you set api keys in your frontend application when using aws sdk:
async function generateCredentials(backendUrl: string) {
const resp = await (await fetch(`${backendUrl}/aws/credentials`)).json();
return new AWS.Credentials({
accessKeyId: resp.AccessKeyId,
secretAccessKey: resp.SecretAccessKey,
sessionToken: resp.SessionToken,
});
}
AWS.config.credentials = await generateCredentials(backendUrl);
You can specify an AWS IAM Role Arn in the body of the request to facilitate cross-account lookups via the Assume Role methodology. You will need to ensure the IAM credentials made available to Backstage have the sts:AssumeRole in its attached IAM policy. Note that this request must be a POST due to the requiring a body. It also requires an additional header as shown below.
async function generateCredentials(backendUrl: string) {
const reqBody = JSON.stringify({
RoleArn: 'arn:aws:iam::0123456789012:role/Example',
});
const resp = await (
await fetch(`${backendUrl}/aws/credentials`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: reqBody,
})
).json();
return new AWS.Credentials({
accessKeyId: resp.AccessKeyId,
secretAccessKey: resp.SecretAccessKey,
sessionToken: resp.SessionToken,
});
}
AWS.config.credentials = await generateCredentials(backendUrl);
Please create an IAM user (with api keys capabilities) with permissions as little as possible to perform actions from backstage (e.g. only operation lambda:GetFunction with specified resource list)
then, please set environment variables with api keys from previously create IAM user. The plugin will use default AWS credential provider chain if environment variables are not set. You can find more information about credential provider chain from AWS docs.
You can run plugin locally as standalone by:
export AWS_ACCESS_KEY_ID=x
export AWS_ACCESS_KEY_SECRET=x
yarn start
To add plugin to the backstage app, you have to install it in the packages/backend directory:
yarn add @roadiehq/backstage-plugin-aws-auth
And paste following code snippets:
// packages/backend/src/plugins/aws.ts
import { createRouter } from '@roadiehq/backstage-plugin-aws-auth';
import type { PluginEnvironment } from '../types';
export default async function createPlugin({ logger }: PluginEnvironment) {
return await createRouter(logger);
}
// packages/backend/src/index.ts
import aws from './plugins/aws';
...
const awsEnv = useHotMemoize(module, () => createEnv('aws'));
...
const apiRouter = Router();
...
apiRouter.use('/aws', await aws(awsEnv));
Roadie gives you a hassle-free, fully customisable SaaS Backstage. Find out more here: https://roadie.io.
FAQs
Unknown package
We found that @roadiehq/backstage-plugin-aws-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.