Credentials behaviour change vs SDK v2 #4777
Unanswered
rphippswiley
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
When using a Shared Configuration profile that includes
mfa_serial
:In SDK v2 it seemed the priority was to attempt to use the generated credentials in
~/.aws/credentials
( in our case, previously generated by the CLI). At the very least SDK v2 did not throw due tomfa_serial
being in the profile and was happy to use the previously generated credentials.In SDK v3, the priority is to attempt to assume role with the mfa_serial, and throws due to me not supplying mfa token function. It then finishes the credentials chain without trying the credentials generated previously.
Is this the desired behaviour?
versions (if it matters much)
SDK v2 : aws-sdk@2.1303.0
SDK v3:
"@aws-sdk/client-ssm": "^3.329.0",
"@aws-sdk/node-http-handler": "^3.329.0",
I'm simply reading a parameter
with a
~/.aws/config
file containing a profile withmfa_serial
like so:Assume Role myprofile via aws cli, and store myprofile credentials in
~/.aws/credentials
attempt to get a parameter from paramstore e.g.
~/.aws/credentials
due to existence ofmfa_serial
, vs SDK2 which worked fineBeta Was this translation helpful? Give feedback.
All reactions