feat: Support for AWS Temporal Credentials Authentication via AWS_SESSION_TOKEN env variable

[ggallotti]

AWS Temporal Credentials Support

Support for uploading files with Temporal AWS Credentials obtained using the AWS STS Service.

Usage sample:

export AWS_ACCESS_KEY_ID=%acceskey%
export AWS_SECRET_ACCESS_KEY=%secretKey%
export AWS_SESSION_TOKEN=%sessionToken%

or via Custom NG_DEPLOY variables:

export NG_DEPLOY_AWS_ACCESS_KEY_ID=%acceskey%
export NG_DEPLOY_AWS_SECRET_ACCESS_KEY=%secretKey%
export NG_DEPLOY_AWS_SESSION_TOKEN=%sessionToken%

• Added Github Action for Testing actual deployment to S3
• Added S3 Minimal policy for IAM access

[nx-cloud[bot]]

☁️ Nx Cloud Report

CI is running/has finished running commands for commit ef0200e8434e5a090a42e58aaad96ac7049c0c9f. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this branch

---

🟥 Failed Commands
nx deploy

✅ Successfully ran 3 targets

• nx run-many --target=build --all --parallel=true --with-deps=true --prod
• nx run-many --target=build --all --parallel=true --with-deps=true --prod
• nx run-many --target=build --all --parallel=true --with-deps=true --prod

---

Sent with 💌 from NxCloud.

[Jefiozie]

So the change itself looks good, could you tell me if I would use a session token if the aws authentication still works? I didn't know this part of authentication in aws exists

[Jefiozie]

ohw.. and thank you for the PR great to see these kind of changes fro. the community

[ggallotti]

Thanks for the response! I did check that it's working for "traditional" credentials or temporal credentials.

However, I think that it would be useful to add a Github Pipeline to automate these tests (actual aws s3 upload). I will work on this an keep you posted.

[ggallotti]

@Jefiozie, i've added a new github action in order to test automatically the s3 upload.

Could you?

1. Review and approve workflow
2. Add secrets to repository configuration:

• aws_access_id
• aws_access_key

I've sent the AWS Secret + AWS Key by Twitter DM today.

[segfault79]

Hi, any progress here? What is still missing? Also need this change to copy in the context of another IAM role.

[ggallotti]

@segfault79, unfortunately @Jefiozie could not merge this PR. However, this PR is working and published in NPM. In the meantime you can use from forked NPM package

[Jefiozie]

Thanks for commenting on this PR again, I'm sorry I've not been that responsive. I will have a look soon and inform you what the status is of the PR. If everything is working as should we can merge this in and release a version.

[brenda-paz]

Hello @Jefiozie @ggallotti, my team and I were interested in this PR as the usage of AWS IAM Users Access Keys does not follow best practices, we were wondering if this solution is still considered as it fixes this problem. Is there any planning for merging it in the future?

[ggallotti]

Hello @Jefiozie @ggallotti, my team and I were interested in this PR as the usage of AWS IAM Users Access Keys does not follow best practices, we were wondering if this solution is still considered as it fixes this problem. Is there any planning for merging it in the future?

@Jefiozie couldn't merge yet this PR. However, I needed this feature in production, so made a fork and published to npm: https://www.npmjs.com/package/@genexus/ngx-aws-deploy You can use it if you want. This fork is being used by many customers monthly.