The AWS SDK for JavaScript V3 API Reference Guide describes in detail all the API operations for the AWS SDK for JavaScript version 3 (V3).
Set credentials in Node.js
We recommend that new users who are developing locally and are not given a method of authentication by their employer to set up AWS IAM Identity Center. For more information, see SDK authentication with AWS.
There are several ways in Node.js to supply your credentials to the SDK. Some of these are more secure and others afford greater convenience while developing an application. When obtaining credentials in Node.js, be careful about relying on more than one source, such as an environment variable and a JSON file you load. You can change the permissions under which your code runs without realizing the change has happened.
AWS SDK for JavaScript V3 provides a default credential provider chain in Node.js, so you are not required to supply a credential provider explicitly. The default credential provider chain attempts to resolve the credentials from a variety of different sources in a given precedence, until a credential is returned from the one of the sources. You can find the credential provider chain for SDK for JavaScript V3 here.
Credential provider chain
All SDKs have a series of places (or sources) that they check in order to get valid credentials to use to make a request to an AWS service. After valid credentials are found, the search is stopped. This systematic search is called the default credential provider chain.
For each step in the chain, there are different ways to set the values. Setting values
directly in code always takes precedence, followed by setting as environment variables, and
then in the shared AWS config
file. For more information, see Precedence of
settings in the AWS SDKs and Tools Reference Guide.
The AWS SDKs and Tools Reference Guide has information on SDK configuration
settings used by all AWS SDKs and the AWS CLI. To learn more about how to configure the SDK
through the shared AWS config
file, see Shared
config and credentials files. To learn more about how to configure the SDK
through setting environment variables, see Environment variables
support.
To authenticate with AWS, the AWS SDK for JavaScript checks the credential providers in the order listed in the following table.
AWS SDK for JavaScript API Reference credential provider method by precedence | Credential provider(s) available | AWS SDKs and Tools Reference Guide |
---|---|---|
fromEnv()
| AWS access keys from environment variables | AWS access keys |
fromSSO() |
AWS IAM Identity Center. In this guide, see SDK authentication with AWS. | IAM Identity Center credential provider |
fromIni()
|
AWS access keys from shared |
|
Trusted entity provider (such as |
||
Web identity token from AWS Security Token Service (AWS STS) |
||
Amazon Elastic Container Service (Amazon ECS) credentials |
||
Amazon Elastic Compute Cloud (Amazon EC2) instance profile credentials (IMDS credential provider) |
||
Process credential provider |
||
AWS IAM Identity Center credentials |
||
fromProcess() |
Process credential provider | Process credential provider |
fromTokenFile() |
Web identity token from AWS Security Token Service (AWS STS) | Federate with web identity or OpenID Connect |
fromContainerMetadata() |
Amazon Elastic Container Service (Amazon ECS) credentials | Container credential provider |
fromInstanceMetadata() |
Amazon Elastic Compute Cloud (Amazon EC2) instance profile credentials (IMDS credential provider) | IMDS credential provider |
If you followed the recommended approach for new users to get started, you set up AWS IAM Identity Center authentication during SDK authentication with AWS of the Getting started topic. Other authentication methods are useful for different situations. To avoid security risks, we recommend always using short-term credentials. For other authentication method procedures, see Authentication and access in the AWS SDKs and Tools Reference Guide.
The topics in this section describe how to load credentials into Node.js.