Hi,
I already posted my problem in:
https://stackoverflow.com/questions/73702466/chainabletemporarycredentials-getpromise-and-missing-credentials-in-config-if-u
Basically it is the following.
When I use
    const credentials = new ChainableTemporaryCredentials({
      params: {
        RoleArn: 'arn:aws:iam::${this.accountId}:role/${this.targetRoleName}',
        RoleSessionName: this.targetRoleName,
      },
      masterCredentials: new WebIdentityCredentials({
        RoleArn: 'arn:aws:iam::<proxyAccountId>:role/<proxyRoleName>',
        RoleSessionName: this.proxyRoleName,
        WebIdentityToken: token,
      }),
    })
    await credentials.getPromise()
with token being a token received from GCP-cloud, do I still need some kind of AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY in my environment?
I don't think so, since the idea of the token is to grant access exactly without such credentials. Right?
(In the code block above I had to manipulate some characters because the code template here in the forum had some difficulties with the original 1:1 code...)
At runtime I always get an error message:
Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
I think I do not have to use AWS_CONFIG_FILE: my application runs in GCP and just wants to access AWS via STS.
My token looks good as far as I can assess:
    {
      "aud": <here my email address of the service account in GCP>,
      "azp": "21 digit number",
      "email": <same email as under "aud">,
      "email_verified": true,
      "exp": <10 digit number>,
      "iat": <10 digit number>,
      "iss": "https://accounts.google.com",
      "sub": "<same number as under azp>"
    }
Are my expectations wrong? What is the reason for the error message?
Best regards
Thomas