Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The aws-sdk npm package is the official AWS SDK for JavaScript, providing JavaScript objects for AWS services including Amazon S3, EC2, DynamoDB, and more. It allows developers to interact with AWS services programmatically, enabling them to build scalable solutions with AWS infrastructure.
Interacting with Amazon S3
This code sample demonstrates how to retrieve an object from an Amazon S3 bucket using the aws-sdk.
{"const AWS = require('aws-sdk');
const s3 = new AWS.S3();
const params = { Bucket: 'myBucket', Key: 'myKey' };
s3.getObject(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
Managing EC2 Instances
This code sample shows how to describe EC2 instances, providing information about instances running in your AWS account.
{"const AWS = require('aws-sdk');
const ec2 = new AWS.EC2();
const params = { InstanceIds: ['i-1234567890abcdef0'] };
ec2.describeInstances(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
Working with DynamoDB
This code sample illustrates how to retrieve an item from a DynamoDB table using the aws-sdk.
{"const AWS = require('aws-sdk');
const dynamoDB = new AWS.DynamoDB();
const params = {
TableName: 'myTable',
Key: {
'myKey': { S: 'myKeyValue' }
}
};
dynamoDB.getItem(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
The google-cloud package is a client library for accessing Google Cloud services similar to how aws-sdk accesses AWS services. It supports services like Google Cloud Storage, BigQuery, and more. While aws-sdk is specific to AWS, google-cloud is tailored for Google Cloud Platform.
The ali-oss package is an SDK for Alibaba Cloud's OSS (Object Storage Service). It offers a subset of the features provided by aws-sdk, but specifically for Alibaba Cloud's storage service. It's a more specialized tool compared to the broad service coverage of aws-sdk.
The official AWS SDK for JavaScript, available for browsers and mobile devices, or Node.js backends
Release notes can be found at http://aws.amazon.com/releasenotes/SDK/JavaScript
If you are upgrading from 1.x to 2.0 of the SDK, please see the {file:UPGRADING.md} notes for information on how to migrate existing code to work with the new major version.
To use the SDK in the browser, simply add the following script tag to your HTML pages:
<script src="https://sdk.amazonaws.com/js/aws-sdk-2.3.3.min.js"></script>
You can also build a custom browser SDK with your specified set of AWS services. This can allow you to reduce the SDK's size, specify different API versions of services, or use AWS services that don't currently support CORS if you are working in an environment that does not enforce CORS. To get started:
http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/browser-building.html
The AWS SDK is also compatible with browserify.
The preferred way to install the AWS SDK for Node.js is to use the npm package manager for Node.js. Simply type the following into a terminal window:
npm install aws-sdk
You can also use Bower to install the SDK by typing the following into a terminal window:
bower install aws-sdk-js
You can find a getting started guide at:
http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/
Note: Although all services are supported in the browser version of the SDK, not all of the services are available in the default hosted build (using the script tag provided above). A list of services in the hosted build are provided in the "Working With Services" section of the browser SDK guide, including instructions on how to build a custom version of the SDK with extra services.
The SDK currently supports the following services:
Service Name | Class Name | API Version |
---|---|---|
Amazon API Gateway | AWS.APIGateway | 2015-07-09 |
Amazon CloudFront | AWS.CloudFront | 2014-10-21 |
Amazon CloudHSM | AWS.CloudHSM | 2014-05-30 |
Amazon CloudSearch | AWS.CloudSearch | 2013-01-01 |
Amazon CloudSearch Domain | AWS.CloudSearchDomain | 2013-01-01 |
Amazon CloudWatch | AWS.CloudWatch | 2010-08-01 |
Amazon CloudWatch Events | AWS.CloudWatchLogs | 2015-10-07 |
Amazon CloudWatch Logs | AWS.CloudWatchLogs | 2014-03-28 |
Amazon Cognito Identity | AWS.CognitoIdentity | 2014-06-30 |
Amazon Cognito Sync | AWS.CognitoSync | 2014-06-30 |
Amazon DynamoDB | AWS.DynamoDB | 2012-08-10 |
Amazon DynamoDB Streams | AWS.DynamoDBStreams | 2012-08-10 |
Amazon EC2 Container Registry | AWS.ECR | 2015-09-21 |
Amazon EC2 Container Service | AWS.ECS | 2014-11-13 |
Amazon Elastic Compute Cloud | AWS.EC2 | 2014-10-01 |
Amazon Elastic File System | AWS.EFS | 2015-02-01 |
Amazon Elastic MapReduce | AWS.EMR | 2009-03-31 |
Amazon Elastic Transcoder | AWS.ElasticTranscoder | 2012-09-25 |
Amazon ElastiCache | AWS.ElastiCache | 2014-09-30 |
Amazon Elasticsearch Service | AWS.ES | 2015-01-01 |
Amazon GameLift | AWS.GameLift | 2015-10-01 |
Amazon Glacier | AWS.Glacier | 2012-06-01 |
Amazon Inspector | AWS.Inspector | 2016-02-16 |
Amazon Kinesis | AWS.Kinesis | 2013-12-02 |
Amazon Kinesis Firehose | AWS.Firehose | 2015-08-04 |
Amazon Machine Learning | AWS.MachineLearning | 2014-12-12 |
Amazon Mobile Analytics | AWS.MobileAnalytics | 2014-06-05 |
Amazon Redshift | AWS.Redshift | 2012-12-01 |
Amazon Relational Database Service | AWS.RDS | 2014-09-01 |
Amazon Route 53 | AWS.Route53 | 2013-04-01 |
Amazon Route 53 Domains | AWS.Route53Domains | 2014-05-15 |
Amazon Simple Email Service | AWS.SES | 2010-12-01 |
Amazon Simple Notification Service | AWS.SNS | 2010-03-31 |
Amazon Simple Queue Service | AWS.SQS | 2012-11-05 |
Amazon Simple Storage Service | AWS.S3 | 2006-03-01 |
Amazon Simple Systems Management Service | AWS.SSM | 2014-11-06 |
Amazon Simple Workflow Service | AWS.SWF | 2012-01-25 |
Amazon SimpleDB | AWS.SimpleDB | 2009-04-15 |
Amazon WorkSpaces | AWS.WorkSpaces | 2015-04-08 |
Auto Scaling | AWS.AutoScaling | 2011-01-01 |
AWS Certificate Manager | AWS.ACM | 2015-12-08 |
AWS CloudFormation | AWS.CloudFormation | 2010-05-15 |
AWS CloudTrail | AWS.CloudTrail | 2013-11-01 |
AWS CodeCommit | AWS.CodeCommit | 2015-04-13 |
AWS CodeDeploy | AWS.CodeDeploy | 2014-10-06 |
AWS CodePipeline | AWS.CodePipeline | 2015-07-09 |
AWS Config | AWS.ConfigService | 2014-11-12 |
AWS Data Pipeline | AWS.DataPipeline | 2012-10-29 |
AWS Database Migration Service | AWS.DMS | 2016-01-01 |
AWS Device Farm | AWS.DeviceFarm | 2015-06-23 |
AWS Direct Connect | AWS.DirectConnect | 2012-10-25 |
AWS Directory Service | AWS.DirectoryService | 2015-04-16 |
AWS Elastic Beanstalk | AWS.ElasticBeanstalk | 2010-12-01 |
AWS Identity and Access Management | AWS.IAM | 2010-05-08 |
AWS Import/Export | AWS.ImportExport | 2010-06-01 |
AWS IoT | AWS.Iot | 2015-05-28 |
AWS IoT Data Plane | AWS.IotData | 2015-05-28 |
AWS Key Management Service | AWS.KMS | 2014-11-01 |
AWS Lambda | AWS.Lambda | 2015-03-31 |
AWS Marketplace Commerce Analytics | AWS.MarketplaceCommerceAnalytics | 2015-07-01 |
AWS Marketplace Metering | AWS.MarketplaceMetering | 2016-01-14 |
AWS OpsWorks | AWS.OpsWorks | 2013-02-18 |
AWS Security Token Service | AWS.STS | 2011-06-15 |
AWS Storage Gateway | AWS.StorageGateway | 2013-06-30 |
AWS Support | AWS.Support | 2013-04-15 |
AWS WAF | AWS.WAF | 2015-08-24 |
Elastic Load Balancing | AWS.ELB | 2012-06-01 |
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
FAQs
AWS SDK for JavaScript
We found that aws-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.