From a7c21e9dffba70bba30b0ecf2251abd49863d95a Mon Sep 17 00:00:00 2001 From: George Fu Date: Thu, 4 Apr 2024 17:55:34 +0000 Subject: [PATCH] docs(UPGRADING): on the use of expiration in credential provider functions --- UPGRADING.md | 3 ++- supplemental-docs/CLIENTS.md | 19 ++++++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/UPGRADING.md b/UPGRADING.md index 1e317914dd4ff..9d452aa7e9a88 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -36,7 +36,8 @@ This list is indexed by [v2 config parameters](https://docs.aws.amazon.com/AWSJa - **v3**: No change. - [`credentials`](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#credentials-property) - **v2**: The AWS credentials to sign requests with. - - **v3**: No change. It can also be an async function that returns credentials. + - **v3**: No change. It can also be an async function that returns credentials. If the function returns an `expiration (Date)`, the function will + be called again when the expiration datetime nears. See [v3 reference for AwsAuthInputConfig credentials](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/interfaces/_aws_sdk_middleware_signing.awsauthinputconfig-1.html#credentials). - [`endpointCacheSize`](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#endpointCacheSize-property) - **v2**: The size of the global cache storing endpoints from endpoint discovery operations. diff --git a/supplemental-docs/CLIENTS.md b/supplemental-docs/CLIENTS.md index f610d57fdeeb9..39c540a73ca71 100644 --- a/supplemental-docs/CLIENTS.md +++ b/supplemental-docs/CLIENTS.md @@ -135,10 +135,17 @@ import { fromCognitoIdentity } from "@aws-sdk/credential-providers"; const client = new S3Client({ credentials: async () => { // get credentials from any source. + const credentials = { + /* ... */ + }; return { - accessKeyId: "...", - secretAccessKey: "...", - sessionToken: "...", + accessKeyId: credentials.accessKeyId, + secretAccessKey: "etc.", + sessionToken: "etc.", + // 1. You can set an expiration near which this function will be called again. + // 2. You can use the expiration given by your upstream credentials provider, if it exists. + // 3. Omitting an expiration will result in this function not being called more than once. + expiration: new Date(), }; }, }); @@ -340,11 +347,12 @@ const client = new DynamoDBClient({ requestHandler: new NodeHttpHandler({ requestTimeout: 3_000, httpsAgent: new https.Agent({ - maxSockets: 25 + maxSockets: 25, }), }), }); ``` + ```ts // Example: short form requestHandler configuration. import { DynamoDBClient } from "@aws-sdk/client-dynamodb"; @@ -356,8 +364,9 @@ const client = new DynamoDBClient({ }, }); ``` + You can instead pass the constructor parameters directly. The default requestHandler for the platform and service will be used. -For Node.js, most services use `NodeHttpHandler`. For browsers, most services use `FetchHttpHandler`. +For Node.js, most services use `NodeHttpHandler`. For browsers, most services use `FetchHttpHandler`. Kinesis, Lex Runtime v2, QBusiness, TranscribeStreaming use `NodeHttp2Handler` by default instead in Node.js. RekognitionStreaming and TranscribeStreaming use the `WebSocketFetchHandler` by default instead in browsers.