How to use ECS credentials with AWS JS SDK

Question

How to use ECS credentials with AWS JS SDK

I am trying to access the S3 Bucket using the AWS JS SDK, but without success.

I got a definition that uses the role of the task Foo . This task role as an attached policy To access the S3 bucket:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::foo-bucket"
    }
  ]
}

In which I have to configure for my instance to use IAM roles. But I can not find anything about this in the AWS documentation.

I tried to determine credentialsusing AWS.ECSCredentials class:

const options = {
  apiVersion: '2006-03-01',
  region: bucketSettings.region,
  credentials: new AWS.ECSCredentials({
    httpOptions: { timeout: 5000 }, // 5 second timeout
    maxRetries: 10, // retry 10 times
    retryDelayOptions: { base: 200 }, // see AWS.Config for information
  })
};

this.s3Instance = new AWS.S3(options);

When I try to access the file in the S3 bucket:

const document = await this.s3Instance
  .getObject({ Bucket: bucketSettings.name, Key: key })
  .promise();

return document;

I still have

Access is denied

Any idea what I'm missing there?

+2

javascript amazon-s3 aws-sdk amazon-ecs

Erazihel Aug 11 '17 at 12:02

1

Erazihel · Accepted Answer · 2017-08-11T14:24:33+0000

S3 ( /* ):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::foo-bucket/*"
    }
  ]
}

, credentials, AWS SDK, :

const options = {
  apiVersion: '2006-03-01',
  region: bucketSettings.region,
};

this.s3Instance = new AWS.S3(options);

How to use ECS credentials with AWS JS SDK

More articles: