Set credentials in Node.js - AWS SDK for JavaScript (original) (raw)
We recommend that new users who are developing locally and are not given a method of authentication by their employer to set up AWS IAM Identity Center. For more information, see SDK authentication with AWS.
There are several ways in Node.js to supply your credentials to the SDK. Some of these are more secure and others afford greater convenience while developing an application. When obtaining credentials in Node.js, be careful about relying on more than one source, such as an environment variable and a JSON file you load. You can change the permissions under which your code runs without realizing the change has happened.
AWS SDK for JavaScript V3 provides a default credential provider chain in Node.js, so you are not required to supply a credential provider explicitly. The default credential provider chain attempts to resolve the credentials from a variety of different sources in a given precedence, until a credential is returned from the one of the sources. You can find the credential provider chain for SDK for JavaScript V3 here.
Credential provider chain
All SDKs have a series of places (or sources) that they check in order to get valid credentials to use to make a request to an AWS service. After valid credentials are found, the search is stopped. This systematic search is called the default credential provider chain.
For each step in the chain, there are different ways to set the values. Setting values directly in code always takes precedence, followed by setting as environment variables, and then in the shared AWS config file. For more information, see Precedence of settings in the AWS SDKs and Tools Reference Guide.
The AWS SDKs and Tools Reference Guide has information on SDK configuration settings used by all AWS SDKs and the AWS CLI. To learn more about how to configure the SDK through the shared AWS config file, see Shared config and credentials files. To learn more about how to configure the SDK through setting environment variables, see Environment variables support.
To authenticate with AWS, the AWS SDK for JavaScript checks the credential providers in the order listed in the following table.
If you followed the recommended approach for new users to get started, you set up AWS IAM Identity Center authentication during SDK authentication with AWS of the Getting started topic. Other authentication methods are useful for different situations. To avoid security risks, we recommend always using short-term credentials. For other authentication method procedures, see Authentication and access in the_AWS SDKs and Tools Reference Guide_.
The topics in this section describe how to load credentials into Node.js.