feat(credential-providers): make credential providers aware of caller client region #6726

Merged
merged 8 commits into from
Dec 13, 2024

@kuhe kuhe commented Dec 11, 2024

We previously introduced the concept of a "parentClientConfig" for credential providers that create another (inner) SDK client such as STS.

One problem was that if the provider was initialized outside of a client, this association between the client and credential provider function could not be made. This PR makes AWS credential providers accept a contextual client config, making them region aware at call time. The result is improved intuitiveness of default behavior, as shown below.

currently

⚠️ when using a CODE level credential configuration, any potential spawning of an inner client such as STS for AssumeRole must be passed the region in a redundant manner. This is because fromIni is a standalone function that can resolve credentials without the context of an SDK client.

import { DynamoDB } from "@aws-sdk/client-dynamodb";
import { fromIni } from "@aws-sdk/credential-providers";

const ddb = new DynamoDB({
  region: "eu-west-1",
  credentials: fromIni({
    clientConfig: { region: "eu-west-1" }, // required, but often forgotten
  }),
});

in this PR

Improved intuitiveness of credentials region resolution.

import { DynamoDB } from "@aws-sdk/client-dynamodb";
import { fromIni } from "@aws-sdk/credential-providers";

const ddb = new DynamoDB({
  region: "eu-west-1",
  // will default to the client's region instead of the commercial partition default (us-east-1)
  credentials: fromIni({}), 
});

// initialized outside a client
const credentialsProvider = fromIni();

// uses global default of us-east-1 as before, when invoked outside of a client.
const credentials = await credentialsProvider();

const ddb = new DynamoDB({
  region: "eu-west-1",
  credentials: credentialsProvider, // will default to the client's region if supplied to a client
});
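Added example, not part of the PR and not SDK code: a self-contained model of the region resolution described above, showing which region an inner STS client would use in each of the three situations. Every name in it (`makeProvider`, `ModelClient`, the `callerClientConfig` context field, the constructed credentials) is an assumption for illustration, as is the rule that an explicit `clientConfig.region` wins over the caller's region.

```javascript
// Model only: every name here is hypothetical, not the SDK's implementation.
const DEFAULT_STS_REGION = "us-east-1"; // commercial partition default named in the PR

// A region setting may be a plain string or an (async) function returning one.
async function resolveRegion(value) {
  return typeof value === "function" ? value() : value;
}

// Stand-in for a provider factory such as fromIni(). The returned function is
// what a client stores as `credentials`; it receives caller context per call.
function makeProvider(init = {}) {
  return async function provider(context = {}) {
    const stsRegion =
      (await resolveRegion(init.clientConfig?.region)) ?? // explicit (assumed to win)
      (await resolveRegion(context.callerClientConfig?.region)) ?? // caller client
      DEFAULT_STS_REGION; // invoked outside any client
    // A real provider would build its inner STS client in `stsRegion` here.
    return { accessKeyId: "constructed-id", secretAccessKey: "constructed-secret", stsRegion };
  };
}

// Stand-in for an SDK client: passes its own config to the provider at call time.
class ModelClient {
  constructor(config) {
    this.config = config;
  }
  resolveCredentials() {
    return this.config.credentials({ callerClientConfig: this.config });
  }
}

// Returns the STS region chosen in the three situations from the PR description.
async function demo() {
  const shared = makeProvider(); // initialized outside a client
  const standalone = await shared();
  const inClient = await new ModelClient({ region: "eu-west-1", credentials: shared }).resolveCredentials();
  const pinned = await new ModelClient({
    region: "eu-west-1",
    credentials: makeProvider({ clientConfig: { region: "ap-south-1" } }),
  }).resolveCredentials();
  return [standalone.stsRegion, inClient.stsRegion, pinned.stsRegion];
}

demo().then((regions) => console.log(regions));
```

The same provider instance yields a different STS region depending on whether a client invokes it, which is the case to check when credential requests must stay in one region.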

@kuhe kuhe marked this pull request as ready for review December 11, 2024 21:07
@kuhe kuhe requested a review from a team as a code owner December 11, 2024 21:07
@kuhe kuhe force-pushed the feat/credentials-context branch 2 times, most recently from 5bc2b69 to 7c97498 Compare December 12, 2024 20:11
@kuhe kuhe changed the title feat(credential-providers): make credential providers aware of contextual client region feat(credential-providers): make credential providers aware of caller client region Dec 12, 2024
@kuhe kuhe force-pushed the feat/credentials-context branch from 6c470e9 to c8ab6fa Compare December 12, 2024 20:58
@kuhe kuhe force-pushed the feat/credentials-context branch from c8ab6fa to 90d7122 Compare December 13, 2024 19:47
@kuhe kuhe merged commit a65995f into aws:main Dec 13, 2024
3 of 4 checks passed
@kuhe kuhe deleted the feat/credentials-context branch December 13, 2024 20:15