using profile that assume role in aws-sdk (AWS JavaScript SDK)

Question

Using the AWS SDK for JavaScript, I want to use a default profile that assumes the role. This works perfectly with the AWS CLI. Using node.js with the SDK does not assume the role, but only uses credentials to the AWS account that the access key belongs to. I've found this documentation but it does not deal with assuming a role: http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-shared.html

Any tips?

This is my config file:

[default]

role_arn = arn:aws:iam::123456789:role/Developer

source_profile = default

output = json

region = us-east-1

Answer 1

The CLI and SDK work differently, in that you must explicitly assume the role when using the SDK. The SDK doesn't automatically assume the role from the config as the CLI does.

After the role is assumed, the AWS.config must be updated with the new credentials.

This works for me:

var AWS = require('aws-sdk');

AWS.config.region = 'us-east-1';

var sts = new AWS.STS();

sts.assumeRole({

  RoleArn: 'arn:aws:iam::123456789:role/Developer',

  RoleSessionName: 'awssdk'

}, function(err, data) {

  if (err) { // an error occurred

    console.log('Cannot assume role');

    console.log(err, err.stack);

  } else { // successful response

    AWS.config.update({

      accessKeyId: data.Credentials.AccessKeyId,

      secretAccessKey: data.Credentials.SecretAccessKey,

      sessionToken: data.Credentials.SessionToken

    });

  }

});