By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can't retrieve parameters from Parameter Store from Node app running on EC2 Ubuntu

0

I'm trying to retrieve parameters from Parameter Store from a Node app running on EC2 Ubuntu, but the browser console throws this error: credentialserror: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1 ====== end of error ======

However, there's a role attached to the EC2 instance that grants EC2 access to SSM Parameter Store and I SUCCESSFULLY retrieve parameters from Parameter Store using the CLI in EC2 (using command: aws ssm get-parameter --name PARAMETER_NAME --region AWS_REGION --with-decryption). I tried to explicitly configure the AWS SDK to use the correct IAM role that is associated with the EC2 instance that the Node app is running on, I get the following type error states that EC2MetadataCredentials is not a constructor. According to the documentation, EC2MetadataCredentials is no longer supported, but I don't know another way to have my node app use the IAM role associated with EC2.

Topics
Security, Identity, & ComplianceManagement & GovernanceCompute
Tags
AWS Identity and Access ManagementAWS Command Line InterfaceAmazon EC2AWS Systems ManagerParameter Store
Language
English
atef
asked a year ago279 views
1 Answer
0

Hi, yes, I believe that you are on the right track: you must assume the EC2 execution role if you want your call to success.

If you look at https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-iam.html , it says

If you run your Node.js application on an Amazon EC2 instance, you can leverage IAM roles for Amazon EC2 to automatically
 provide credentials to the instance. If you configure your instance to use IAM roles, the SDK automatically selects the IAM
 credentials for your application, eliminating the need to manually provide credentials.

Then section "Global configuration Examples" of https://pinecone-forest.com/aws-guide-v0.0.65/Configuring-the-SDK-for-JavaScript.html will detail how to set those credentials

profile pictureAWS
EXPERT
Didier_Durand
answered a year ago
  • atef
    a year ago

    @Didier the role is already assumed and as I mentioned in my question I successfully retrieve parameters using the CLI on ec2. That means that the ec2 successfully assumes the correct role. The problem is with the node app not being able to assume the ec2 role. AFA global configuration, I don't think it's a good idea as the main purpose of associating a role to ec2 is eliminating the need for explicitly adding credentials in the app when making a call to aws services.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content