@roadiehq/backstage-plugin-aws-auth
Advanced tools
Backend plugin that generates temporary credentials in order to perform requests to aws services from backstage's frontend
Backend plugin that generates temporary credentials in order to perform requests to aws services from backstage's frontend
This is an example how you set api keys in your frontend application when using aws sdk:
async function generateCredentials(backendUrl: string) {
const resp = await (await fetch(`${backendUrl}/aws/credentials`)).json();
return new AWS.Credentials({
accessKeyId: resp.AccessKeyId,
secretAccessKey: resp.SecretAccessKey,
sessionToken: resp.SessionToken,
});
}
AWS.config.credentials = await generateCredentials(backendUrl);
You can specify an AWS IAM Role Arn in the body of the request to facilitate cross-account lookups via the Assume Role methodology. You will need to ensure the IAM credentials made available to Backstage have the sts:AssumeRole in its attached IAM policy. Note that this request must be a POST due to the requiring a body. It also requires an additional header as shown below.
async function generateCredentials(backendUrl: string) {
const reqBody = JSON.stringify({
RoleArn: 'arn:aws:iam::0123456789012:role/Example',
});
const resp = await (
await fetch(`${backendUrl}/aws/credentials`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: reqBody,
})
).json();
return new AWS.Credentials({
accessKeyId: resp.AccessKeyId,
secretAccessKey: resp.SecretAccessKey,
sessionToken: resp.SessionToken,
});
}
AWS.config.credentials = await generateCredentials(backendUrl);
Please create an IAM user (with api keys capabilities) with permissions as little as possible to perform actions from backstage (e.g. only operation lambda:GetFunction with specified resource list)
then, please set environment variables with api keys from previously create IAM user. The plugin will use default AWS credential provider chain if environment variables are not set. You can find more information about credential provider chain from AWS docs.
You can run plugin locally as standalone by:
export AWS_ACCESS_KEY_ID=x
export AWS_ACCESS_KEY_SECRET=x
yarn start
To add plugin to the backstage app, you have to install it in the packages/backend directory:
yarn add @roadiehq/backstage-plugin-aws-auth
And paste following code snippets:
// packages/backend/src/plugins/aws.ts
import { createRouter } from '@roadiehq/backstage-plugin-aws-auth';
import type { PluginEnvironment } from '../types';
export default async function createPlugin({ logger }: PluginEnvironment) {
return await createRouter(logger);
}
// packages/backend/src/index.ts
import aws from './plugins/aws';
...
const awsEnv = useHotMemoize(module, () => createEnv('aws'));
...
const apiRouter = Router();
...
apiRouter.use('/aws', await aws(awsEnv));
FAQs
Unknown package
The npm package @roadiehq/backstage-plugin-aws-auth receives a total of 48 weekly downloads. As such, @roadiehq/backstage-plugin-aws-auth popularity was classified as not popular.
We found that @roadiehq/backstage-plugin-aws-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.
Security News
Biden's executive order pushes for AI-driven cybersecurity, software supply chain transparency, and stronger protections for federal and open source systems.