I have an s3 bucket which is set to allow listing for the public. When I do:
aws s3 ls s3://bucket_name/prefix/ --no-sign-request
I manage to successfully list the bucket. I would like to list it within an application that uses aws-sdk for Node.js. There, I do:
import AWS from 'aws-sdk';
const s3 = new AWS.S3();
s3.listObjectsV2({Bucket: bucket_name, Prefix: prefix, Delimiter: "/"}, ...
but I get an error:
message: 'Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1',
2021-09-17T12:40:33.459881 00:00 app[web.1]: code: 'CredentialsError',
2021-09-17T12:40:33.459881 00:00 app[web.1]: errno: 'ECONNREFUSED',
2021-09-17T12:40:33.459882 00:00 app[web.1]: syscall: 'connect',...
2021-09-17T12:40:33.459883 00:00 app[web.1]: time: 2021-09-17T12:40:33.459Z,
2021-09-17T12:40:33.459884 00:00 app[web.1]: originalError:
2021-09-17T12:40:33.459884 00:00 app[web.1]: { message: 'Could not load credentials from any providers',
2021-09-17T12:40:33.459884 00:00 app[web.1]: code: 'CredentialsError',
2021-09-17T12:40:33.459884 00:00 app[web.1]: errno: 'ECONNREFUSED',
2021-09-17T12:40:33.459885 00:00 app[web.1]: syscall: 'connect',...
2021-09-17T12:40:33.459886 00:00 app[web.1]: time: 2021-09-17T12:40:33.459Z,
2021-09-17T12:40:33.459886 00:00 app[web.1]: originalError:
2021-09-17T12:40:33.459886 00:00 app[web.1]: { message: 'EC2 Metadata roleName request returned error',
2021-09-17T12:40:33.459887 00:00 app[web.1]: code: 'ECONNREFUSED',
2021-09-17T12:40:33.459887 00:00 app[web.1]: errno: 'ECONNREFUSED',
2021-09-17T12:40:33.459888 00:00 app[web.1]: syscall: 'connect',... }
It looks as if the SDK is trying to get the credentials even though the resource is available without them. Is it possible to mark the request to be made without asking for credentials?
CodePudding user response:
To prevent the SDK from requiring the credentials, you need to use the makeUnauthenticatedRequest method to place any calls. This allows you to call "an operation on a service with the given input parameters, without any authentication data".
var AWS = require('aws-sdk');
AWS.config.update({region: 'us-west-2'});
s3 = new AWS.S3();
s3.makeUnauthenticatedRequest(
'listObjects',
{ Bucket : '-example-bucket-name-', },
function(err, data) {
if (err) {
console.log("Error", err);
} else {
console.log("Success", data);
}
}
);
Older versions of the SDK could accomplish the same thing calling send() after calling removeListener on the validate and sign listeners.