Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Can't retrieve parameters from Parameter Store from Node app running on EC2 Ubuntu

0

I'm trying to retrieve parameters from Parameter Store from a Node app running on EC2 Ubuntu, but the browser console throws this error: credentialserror: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1 ====== end of error ======

However, there's a role attached to the EC2 instance that grants EC2 access to SSM Parameter Store and I SUCCESSFULLY retrieve parameters from Parameter Store using the CLI in EC2 (using command: aws ssm get-parameter --name PARAMETER_NAME --region AWS_REGION --with-decryption). I tried to explicitly configure the AWS SDK to use the correct IAM role that is associated with the EC2 instance that the Node app is running on, I get the following type error states that EC2MetadataCredentials is not a constructor. According to the documentation, EC2MetadataCredentials is no longer supported, but I don't know another way to have my node app use the IAM role associated with EC2.

Argomenti
Sicurezza, identità e conformitàGestione e amministrazioneComputazionali
Tag
Gestione identità e accesso AWSInterfaccia a riga di comando AWSAmazon EC2Gestore dei sistemi AWSMemorizzazione dei parametri
Lingua
English
atef
posta un anno fa293 visualizzazioni
1 Risposta
0

Hi, yes, I believe that you are on the right track: you must assume the EC2 execution role if you want your call to success.

If you look at https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-iam.html , it says

If you run your Node.js application on an Amazon EC2 instance, you can leverage IAM roles for Amazon EC2 to automatically
 provide credentials to the instance. If you configure your instance to use IAM roles, the SDK automatically selects the IAM
 credentials for your application, eliminating the need to manually provide credentials.

Then section "Global configuration Examples" of https://pinecone-forest.com/aws-guide-v0.0.65/Configuring-the-SDK-for-JavaScript.html will detail how to set those credentials

profile pictureAWS
ESPERTO
Didier_Durand
con risposta un anno fa
  • atef
    un anno fa

    @Didier the role is already assumed and as I mentioned in my question I successfully retrieve parameters using the CLI on ec2. That means that the ec2 successfully assumes the correct role. The problem is with the node app not being able to assume the ec2 role. AFA global configuration, I don't think it's a good idea as the main purpose of associating a role to ec2 is eliminating the need for explicitly adding credentials in the app when making a call to aws services.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente