AWS.CredentialProviderChain — AWS SDK for JavaScript (original) (raw)

We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Overview

Creates a credential provider chain that searches for AWS credentials in a list of credential providers specified by the providers property.

By default, the chain will use the defaultProviders to resolve credentials. These providers will look in the environment using theAWS.EnvironmentCredentials class with the 'AWS' and 'AMAZON' prefixes.

Setting Providers

Each provider in the providers list should be a function that returns a AWS.Credentials object, or a hardcoded credentials object. The function form allows for delayed execution of the credential construction.

Resolving Credentials from a Chain

Call resolve() to return the first valid credential object that can be loaded by the provider chain.

For example, to resolve a chain with a custom provider that checks a file on disk after the set of defaultProviders:

var diskProvider = new AWS.FileSystemCredentials('./creds.json');
var chain = new AWS.CredentialProviderChain();
chain.providers.push(diskProvider);
chain.resolve();

The above code will return the diskProvider object if the file contains credentials and the defaultProviders do not contain any credential settings.

Constructor Summarycollapse

• new AWS.CredentialProviderChain(providers) ⇒ void constructor
  Creates a new CredentialProviderChain with a default set of providers specified by defaultProviders.

Property Summarycollapse

• defaultProviders ⇒ Object static readwrite
  The default set of providers used by a vanilla CredentialProviderChain.
• providers ⇒ Array<AWS.Credentials, Function> readwrite
  A list of credentials objects or functions that return credentials objects.

Properties inherited from AWS.Credentials

expired, expireTime, accessKeyId, secretAccessKey, sessionToken, expiryWindow

Method Summarycollapse

• resolve(callback) ⇒ AWS.CredentialProviderChain
  Resolves the provider chain by searching for the first set of credentials in providers.
• resolvePromise() ⇒ Promise
  Returns a 'thenable' promise.

Methods inherited from AWS.Credentials

needsRefresh, get, getPromise, refreshPromise, refresh

Constructor Details

new AWS.CredentialProviderChain(providers) ⇒ void

Creates a new CredentialProviderChain with a default set of providers specified by defaultProviders.

Property Details

defaultProviders ⇒ Object

The default set of providers used by a vanilla CredentialProviderChain.

In the browser:

AWS.CredentialProviderChain.defaultProviders = []

In Node.js:

AWS.CredentialProviderChain.defaultProviders = [
  function () { return new AWS.EnvironmentCredentials('AWS'); },
  function () { return new AWS.EnvironmentCredentials('AMAZON'); },
  function () { return new AWS.SsoCredentials(); },
  function () { return new AWS.SharedIniFileCredentials(); },
  function () { return new AWS.ECSCredentials(); },
  function () { return new AWS.ProcessCredentials(); },
  function () { return new AWS.TokenFileWebIdentityCredentials(); },
  function () { return new AWS.EC2MetadataCredentials() }
]

providers ⇒ Array<AWS.Credentials, Function>

Returns a list of credentials objects or functions that return credentials objects. If the provider is a function, the function will be executed lazily when the provider needs to be checked for valid credentials. By default, this object will be set to thedefaultProviders.

Method Details

resolvePromise() ⇒ Promise

Returns a 'thenable' promise. Resolves the provider chain by searching for the first set of credentials in providers.

Two callbacks can be provided to the then method on the returned promise. The first callback will be called if the promise is fulfilled, and the second callback will be called if the promise is rejected.