I'm trying to create an SSMClient in JavaScript/TypeScript. I've found a ton of examples but nothing seems to work. I'm trying to get a value from the SSM parameter store. Here is my latest:
    import { STSClient, AssumeRoleCommand } from "@aws-sdk/client-sts";
    import { SSMClient, GetParameterCommand } from "@aws-sdk/client-ssm";

    const stsClient = new STSClient({ region: REGION });
    const params = {
      RoleArn: "arn:aws:iam::425112775363:policy/SSMFullAccessCognito",
      RoleSessionName: "session1",
      DurationSeconds: 900,
    };
    // Assume the role and collect the temporary credentials
    const data = await stsClient.send(new AssumeRoleCommand(params));
    const rolecreds = {
      accessKeyId: data.Credentials!.AccessKeyId,
      secretAccessKey: data.Credentials!.SecretAccessKey,
      sessionToken: data.Credentials!.SessionToken,
    };
    // The client is created without rolecreds, which is the problem described below
    const ssmClient = new SSMClient({ region: REGION });
    console.info(ssmClient);
    const cmd = new GetParameterCommand({ Name: 'test', WithDecryption: false });
    const result = await ssmClient.send(cmd);
    console.info(result);
With the above it says creds are missing, which they are. I just can't find anywhere how to convert "rolecreds" to something SSM wants. I can assume the role fine and I get back valid creds.
I've found 100 different ways from multiple sources but nothing works. I'm running AWSv3.
CodePudding user response:
You don't seem to actually be using roleCreds.
If you look at the documentation for SSMClient, you'll see that it takes an optional credential object which you need to use in your situation: (https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-ssm/interfaces/ssmclientconfig.html#credentials)
CodePudding user response:
Assuming the SSMFullAccessCognito role has the correct permissions to access the required SSM parameter, what you have to do is to pass the rolecreds object to the SSMClient. You can do the following:
    const data = await stsClient.send(new AssumeRoleCommand(params));
    const rolecreds = {
      accessKeyId: data.Credentials.AccessKeyId,
      secretAccessKey: data.Credentials.SecretAccessKey,
      sessionToken: data.Credentials.SessionToken,
      expiration: data.Credentials.Expiration
    };
    const ssmClient = new SSMClient({ region: REGION, credentials: rolecreds });
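
A static rolecreds object is a snapshot of a session that the question requests with DurationSeconds: 900, so a long-lived client keeps using it after the session has ended. The v3 `credentials` option also accepts an async function returning the same shape; the following is an added example, not code from this thread, that builds such a provider and re-assumes the role shortly before expiry. The names `makeAssumeRoleProvider`, `toSdkCredentials`, `needsRefresh` and the injected `assumeRole` function are made up for illustration.

```javascript
// Added example. `assumeRole` is an injected function (assumption) that
// resolves to an STS AssumeRole response, for instance
//   () => stsClient.send(new AssumeRoleCommand(params))

// Convert the STS response into the shape the v3 `credentials` option takes.
function toSdkCredentials(stsResponse) {
  const c = stsResponse && stsResponse.Credentials;
  if (!c || !c.AccessKeyId || !c.SecretAccessKey || !c.SessionToken || !c.Expiration) {
    throw new Error("AssumeRole response is missing session credentials");
  }
  return {
    accessKeyId: c.AccessKeyId,
    secretAccessKey: c.SecretAccessKey,
    sessionToken: c.SessionToken,
    expiration: new Date(c.Expiration),
  };
}

// True when nothing is cached or the session ends within skewMs of nowMs.
function needsRefresh(creds, nowMs, skewMs) {
  return !creds || creds.expiration.getTime() - nowMs <= skewMs;
}

// Build an async credentials provider that re-assumes the role shortly
// before the cached session expires. Concurrent callers share one STS call.
function makeAssumeRoleProvider(assumeRole, { skewMs = 60000, now = Date.now } = {}) {
  let cached = null;
  let inflight = null;
  return async function provider() {
    if (!needsRefresh(cached, now(), skewMs)) return cached;
    if (!inflight) {
      inflight = Promise.resolve()
        .then(() => assumeRole())
        .then((res) => (cached = toSdkCredentials(res)))
        .finally(() => { inflight = null; });
    }
    return inflight;
  };
}

// Wiring with the thread's clients (kept as a comment so the block runs
// without the SDK installed):
//   const ssmClient = new SSMClient({
//     region: REGION,
//     credentials: makeAssumeRoleProvider(() => stsClient.send(new AssumeRoleCommand(params))),
//   });
```

The SDK's own `fromTemporaryCredentials` helper in `@aws-sdk/credential-providers` covers the same need without hand-written caching.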