New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
type checking error with fromEnv
in @aws-sdk/credential-providers
#3392
Comments
i also face the same problem |
Receiving the same error but for |
Has anyone found a way to fix it? I have the same problem with |
One strange workaround that worked for me after a lot of experimenting was using version 3.40 of this package and importing Though that did not work with |
Thank you for you reply!!! It's a strange behavior of the library |
Has anybody been able to resolve this? I'm hitting the same issue with import { fromIni } from "@aws-sdk/credential-providers"; The following error is raised:
Looking at export * from "./fromCognitoIdentity";
export * from "./fromCognitoIdentityPool";
export * from "./fromTemporaryCredentials";
export * from "./fromWebToken"; Do additional exports need to be added here to match those within |
Assigning to @ajredniwja for triaging. |
We don't export For a browser application, you need to use one of the following credential providers: fromCognitoIdentity, fromCognitoIdentityPool, fromTemporaryCredentials, fromWebToken @sudhirjena @justenau Can you explain you use case where you plan to read credentials from environment or configuration files in the browser? |
It is incorrect to say that Due to security concerns, it is highly recommended against guiding people towards hard coding strings directly into their code bases. Within Amazon, we are actually strictly forbidden from even suggesting this within our example repositories or code samples. For this reason we need a good path forward on these local development use cases. Additionally, for any credential-providers which are intentionally not supported in the browser, they should be:
|
Can you share an example or documentation of how it's done in case of create react app?
I created a feature request to add documentation at #3586
The existing error clearly mentions |
Which is not documented, and clearly many people think this is an accidental bug, as evident by this ticket. This method of communicating the API is not a good design, because the library still exports them as typescript types. Environment variables in the front end:
|
This wiki clearly mentions
It's not explicitly called out in homepage of rollup and webpack plugins, the SDK shouldn't expose If we officially expose Here's the workaround to explicitly set credentials if you're injecting them through const client = new ClientName({
credentials: {
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
},
}) This explicit code during client creation will ensure that it's not recommended by the SDK. |
Out of curiosity to check if any follow-up is required from SDK: |
Another question: Would it be helpful is SDK provides a different utility to improve local development experience for frontend? If yes, what that utility should look like? We can create a new feature request for this utility. I'm assuming this utility (say |
If the decision is made not to include these, I think it should be considered to have the credential providers throw errors at run time which point towards the documentation and explain these aren't supported. The message "export 'fromEnv' (imported as 'fromEnv') was not found in '@aws-sdk/credential-providers" leads the user to think it's an issue with the SDK, as we can see by the comments made in the issue. The typescript definitions also indicate it should exist, making for a confusing experience. My use case for |
I have just encountered this same issue. I don't really understand the logic of not including fromEnv / fromProcess / fromIni in the exports for the browser version.
Using AWS, we can inject secrets into the environment of containerized applications at runtime. This is even the recommended practice with ECS according to the documentation. We can also make the environmental variables accessible from containers by mapping the environmental variables of an EC2 from EB to the container using docker-compose according to the EB developer's guide. It's not a stretch to use an entrypoint script in a container to retrieve the secrets from the environment (as described in the documentation) and place them in a credentials file which the React application can access. I would also like to emphasize @diehbria 's comment:
My question then becomes, what is the recommendation from AWS if we're not able to import fromEnv / fromProcess / fromIni in a containerized React application? |
I believe I am having a related issue, though through the lens of NextJS. In a
allows me to successfully use a I then tried to use the node credential provider:
and encounter an error:
I could not find anything explaining when to use which module, why they are different (when they seem to do the same thing), or these errors. It sounds like typeError is because |
Any update on this? I too am needing to use saml2aws creds with fromIni in a Vue app. I'm getting the "Syntax Error: ambiguous indirect export: fromIni" error message. I've followed the code instructions from the latest AWS SDK version 3 documentation for credential-providers. |
I have the same issue in local development, I got
Now I'm stuck on this. |
Any update on this? |
I am also facing the same issue, appreciate any updates on the matter. |
same, getting a |
Any workarounds for this? |
any update for this? |
Webpack may transform the Node.js process env to the application, but this is only a simulated effect and additionally not consistent across bundlers. Any credential supplying async function can be provided to an SDK client. It will be called automatically when credentials are needed and when they expire (if expiration is set). import { S3Client } from "@aws-sdk/client-s3";
const provider = async () => {
return {
accessKeyId: "...",
secretAccessKey: "...",
sessionToken: "...",
expiration: new Date( /*...*/ )
}
};
new S3Client({
credentials: provider
}); If you really want to use As documented here: https://www.npmjs.com/package/@aws-sdk/credential-providers |
@kuhe Not sure if this comment was directed at everyone or some other poster... In our situation, we are not trying to use AWS from the browser at all (we don't provide any credentials there). We are trying to pass container credentials to our TRPC server and we are getting these warnings. They are new and large warnings that didn't use to be there. The warnings really don't apply to us at all. We would like to be rid of them. Is there some way to restrict this warning just to cases where someone is trying to use these in the browser? |
@jove4015 please create a new issue with instructions on how to replicate the error. |
Hey there, the last two days I was working on a vue application and faced the same problem, whereby the mentioned solution of kuhe worked. After having it working I took myself some time to re-think things and the point is that Vue, React, ect. are frontend frameworks which are made to create an application for the browser, meaning they show all their information in the code. Now out of security perspective it makes sense that these functions aren't available for frontend applications which are running in the browser, because there is the risk to show the credentials in the code. In my case I'll have a lambda in between the application to handle the s3 authentication as well as the up- and download of objects, which then will be passed to the FE-App. Another way how to handle it, would be to make the S3 bucket public and work with resource permissions and CORS rules to make sure that the traffic is safe. |
I have a similar issue with using We use process.envs to determine whether to fetch a public lambda for development or a private lambda (which is what is on our production sites) which is what is utilizing this. Locally this causes an issue when we build nextjs packages unless I change it to CJS syntax for the import. Most noticably, this error is incorrect; as its not so much that its a bad import reference, just that it isn't designed to be used in this way (even though, it works in the way that it is being used by everyone in this thread). |
Describe the bug
While using
@aws-sdk/credential-providers
in a React typescript application having the following code:We encounter the following build error:
Your environment
macOS
SDK version number
@aws-sdk/credential-providers@3.53.0
Is the issue in the browser/Node.js/ReactNative?
Browser
Details of the browser/Node.js/ReactNative version
Steps to reproduce
Please share code or minimal repo, and steps to reproduce the behavior.
npx create-react-app my-app --template typescript
npm install @aws-sdk/credential-providers @iot-app-kit/source-iotsitewise
App.tsx
npm start
ornpm run build
Observed behavior
React app fails to run or build due to following type checking error
Expected behavior
Although @aws-sdk/credential-providers has the following exported member, the type resolution fails. The type resolution for
fromEnv
should not fail.The text was updated successfully, but these errors were encountered: