By using AWS re:Post, you agree to the Terms of Use

Questions tagged with AWS IAM Identity Center

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

SDK and ChainableTemporaryCredentials

Hi, I already posted my problem in: Basically it is the following. When I use ``` const credentials = new ChainableTemporaryCredentials({ params: { RoleArn: 'arn:aws:iam::${this.accountId}:role/${this.targetRoleName}', RoleSessionName: this.targetRoleName, }, masterCredentials: new WebIdentityCredentials({ RoleArn: 'arn:aws:iam::<proxyAccountId>:role/<proxyRoleName>', RoleSessionName: this.proxyRoleName, WebIdentityToken: token, }), }) await credentials.getPromise() ``` with `token` a a token received from GCP-cloud do I still need some kind of AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY in my environment? I don't think so, since the idea of the token is to grant access exactly without such credentials. Right? (In the codeblock above I had to manipulate some charaters because the code-template here in the forum had some difficulties withe original 1:1 code...) At runtime I get always an error message: `Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1` I think I have not to use AWS_CONFIG_FILE: My application runs in GCP and just want access AWS via STS. My token looks good so far as I would assess: ``` { "aud": <here my email address of the service account in GCP>, "azp": "21 digit number", "email": <same email as under "aud">, "email_verified": true, "exp": <10 digit number>, "iat": <10 digit number>, "iss": "", "sub": "<same number as under azp>" } ``` Are my expectations wrong? What is the reason for the error message? Best regards Thomas
asked 3 days ago