DynamoDBtoCSV icon indicating copy to clipboard operation
DynamoDBtoCSV copied to clipboard

Published 20 hours ago verified publisher icon edasque

Assume Role

Open rashidcmb opened this issue 7 years ago • 4 comments

Can we assume role and use the same script

rashidcmb avatar Apr 28 '17 17:04 rashidcmb

Yes. I'd love to be able to use this in a lambda function.

MichaelDavisTSN avatar May 22 '19 17:05 MichaelDavisTSN

@rashidcmb @MichaelDavisTSN do you want to submit a PR?

edasque avatar May 22 '19 19:05 edasque

For those that need to get this to work with an assumed role. Just add a sessionToken to config.json and then add sessionToken: process.env.AWS_SESSION_TOKEN to the dynamoDBtoCSV.js file just after secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY.

Once you do that, it works perfectly.

A proper PR would have it look for the token and use it if it was present or handle it like it's handling MFA tokens. I might work try to submit one at some point. But wanted to get this out there in case anybody else needed to get it working with assumed role credentials.

jasonwilk avatar May 14 '20 16:05 jasonwilk

@jasonwilk

Note: I'm not a Node JS developer.

It seems this method no longer works. I get this error:

at Request.extractError (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/protocol/json.js:52:27) at Request.callListeners (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:106:20) at Request.emit (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:686:14) at Request.transition (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/state_machine.js:14:12) at /home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request. (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:38:9) at Request. (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/request.js:688:12) at Request.callListeners (/home/develop/projects/VSCode/DynamoDB/DynamoDBtoCSV/node_modules/aws-sdk/lib/sequential_executor.js:116:18) { code: 'UnrecognizedClientException', time: 2022-05-05T15:32:01.612Z, requestId: 'LQ0H37PSIHR1IPJFRIKDVN9VIRVV4KQNSO5AEMVJF66Q9ASUAAJG', statusCode: 400, retryable: false, retryDelay: 47.53354422765167 }

config.json

{
    "accessKeyId": "<SECRET_KEY_ID>",
    "secretAccessKey": "<SECRET_ACCESS_KEY>",
    "sessionToken" : "<SESSION_TOKEN_FROM_ENV>",
    "region": "us-west-2"
}

dynamoDBtoCSV.js

if (options.envcreds) {
  let newCreds = AWS.config.credentials;
  newCreds.profile = options.profile;
  AWS.config.update({
    credentials: {
      accessKeyId: process.env.AWS_ACCESS_KEY_ID,
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
      sessionToken: process.env.AWS_SESSION_TOKEN
    },
    region: process.env.AWS_DEFAULT_REGION
  });
}

Environment

env | grep AWS_SESSION_TOKEN

AWS_SESSION_TOKEN=<AWS_SESSION_TOKEN>

rknechtel avatar May 05 '22 15:05 rknechtel