Ini file takes over env variables for specifying credentials

[rprovodenko]

Describe the bug

When specifying AWS_PROFILE, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN and AWS_CREDENTIAL_EXPIRATION sdk still uses the ini file for credentials. V2 SDK works fine.

    const sts = new STS({});
    console.log(await sts.getCallerIdentity().promise()); // logs correct user from AWS_PROFILE
    const client = new STSClient({ region: "us-east-1" });
    const command = new GetCallerIdentityCommand();
    console.log(await client.send(command)) // logs incorrect user from the ini file

Must be because of this line: https://github.com/aws/aws-sdk-js-v3/blob/main/packages/credential-provider-node/src/index.ts#L57

Your environment

SDK version number

@aws-sdk/[email protected]

Is the issue in the browser/Node.js/ReactNative?

Node.js

[vudh1]

Hi @rostislavdeepcrawl thanks for reaching out. I am able to reproduce your problem. We will investigate this problem more. Also, you can only set AWS_PROFILE or set AWS_ACCSS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN would overwrite the user of AWS_PROFILE.

Getting the correct behavior from JS v2 and CLI v1/v2 that returns the user from AWS_PROFILE.

const sts = new AWS.STS({}); //v2.1044.0
console.log(await sts.getCallerIdentity().promise());

$ AWS_PROFILE=<NAME> AWS STS get-caller-identity

However, for JS v3 SDK:

const command = new GetCallerIdentityCommand();
console.log(await client.send(command)) 

This returns the user from ini file.

[kuhe]

I'm not able to reproduce this on the latest version, setting to closing-soon.

[github-actions[bot]]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.