Hi Phil,
The default provider chain should select the TES credentials if other providers with higher precedence are not available (https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_credential_providers.html#fromnodeproviderchain) but you can also force it to use the container credential provider using https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_credential_providers.html#fromcontainermetadata-1.
From your error it seems that you have either forced the client to use the SSO provider or you have your host configured to use SSO but without a valid token. Normally Greengrass is installed on devices that do not have SSO authentication configured, but if you are installing it on a development machine that could happen. I would advise then to force your code to use the Container Metadata provider as pointed out above.
Cheers,
Massimiliano
Hello Massimiliano,
Thanks very much for your help.
I had a few questions: As you mentioned I am testing this on a development machine. What would the credential provider be looking for to use the SSO provider? I understand that fromEnv() looks for: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env variables. So what would I have on my system that would point it to SSO Provider and how to remove it?
I believe there is an error in the documentation on the reference you provided.
https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_credential_providers.html#fromcontainermetadata-1
The example is incorrect: you import fromContainerMetadata, however you use fromInstanceMetadata in the credentials provider. This throws an error.
I changed the code to
```javascript
const { SecretsManagerClient } = require("@aws-sdk/client-secrets-manager");
const { fromContainerMetadata } = require("@aws-sdk/credential-providers");

var secretsClient = new SecretsManagerClient({
  region: "<REGION>", // replace with your AWS Region
  credentials: fromContainerMetadata({
    // Optional. The connection timeout (in milliseconds) to apply to any remote requests.
    // If not specified, a default value of `1000` (one second) is used.
    timeout: 1000,
    // Optional. The maximum number of times any HTTP connections should be retried.
    // If not specified, a default value of `0` will be used.
    maxRetries: 0,
  }),
});
```
and I can confirm that this now works as expected.
Can I create an issue for this somewhere?
Hello,
In addition to this question, when I reboot my device, the first time it requests the credentials I get an error:
Could not load credentials from any providers CredentialsProviderError: Could not load credentials from any providers at
I then look at my Greengrass log and approx. 2 seconds later it caches the credentials:
Received IAM credentials that will be cached until 2022-11-21T00:33:37Z.
I have to manually restart the Node.js app for it to receive the credentials. How to handle automatic retries to ensure the credentials have been fetched?
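One way to handle the startup race described in the question above, as an added example that is not part of the original thread or of the AWS SDK: wrap the credential provider in a retry with capped exponential backoff. `withRetry`, `backoffDelay` and `makeFlakyProvider` are hypothetical names, and the flaky provider is a constructed stand-in for `fromContainerMetadata()` so the block runs offline.

```javascript
// Added example: retry wrapper for an SDK v3 credential provider.
// A provider is any async function that resolves to a credentials object.

// Exponential backoff delay in ms for a 0-based attempt, capped at maxMs.
function backoffDelay(attempt, baseMs, maxMs) {
  return Math.min(maxMs, baseMs * 2 ** attempt);
}

// Wrap `provider` so failures while credentials are not yet available are retried.
// Hypothetical helper; `sleep` can be injected so tests do not really wait.
function withRetry(provider, { attempts = 6, baseMs = 500, maxMs = 8000, sleep } = {}) {
  const wait = sleep || ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
  return async (...args) => {
    let lastError;
    for (let i = 0; i < attempts; i++) {
      try {
        return await provider(...args);
      } catch (err) {
        lastError = err; // keep the provider's own error for the caller
        if (i < attempts - 1) await wait(backoffDelay(i, baseMs, maxMs));
      }
    }
    throw lastError; // give up after the last attempt
  };
}

// Constructed stand-in: fails `failures` times, then returns dummy credentials.
function makeFlakyProvider(failures) {
  let calls = 0;
  return async () => {
    calls += 1;
    if (calls <= failures) throw new Error("Could not load credentials from any providers");
    return { accessKeyId: "EXAMPLE_KEY_ID", secretAccessKey: "EXAMPLE_SECRET", calls };
  };
}

// Demo: two failures, then success; records the delays instead of sleeping.
async function demo() {
  const delays = [];
  const provider = withRetry(makeFlakyProvider(2), { sleep: async (ms) => { delays.push(ms); } });
  const creds = await provider();
  return { creds, delays };
}

demo().then(({ delays }) => console.log("retry delays (ms):", delays));

// With the real SDK (assumption, not run here), pass the wrapped provider as:
//   credentials: withRetry(fromContainerMetadata({ timeout: 1000, maxRetries: 0 }))
```

The wrapper rethrows the provider's last error once the attempts are used up, so a host that never gets credentials still fails visibly instead of looping forever.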