-
Notifications
You must be signed in to change notification settings - Fork 557
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSMClient unable to fetch secrets while running in Next.js middleware #6146
Comments
Hi @fs24-chrter - thanks for reaching out and sorry to hear you're running into an error. Before I attempt to reproduce it, can you share repro steps specific to SDK as far as how you configured the credentials and share the error logs as well? I want you to rule out everything else and simply make SDK SSMClient call with |
Hi @aBurmeseDev, sure, the most simple way to reproduce is to follow the link to the Github Repo that I've provided in the description. You will find a Docker image there. If you build this and push to ECR, you can run this as is in ECS. I've documented everything in the repository but happy to replicate it also directly here. Reproduction Reproducable code that shows the issue:
The code above fails only if it runs in the middleware. Then the error message is If the code runs anywhere else, it runs just fine. Credentials configuration Credentials should be fetched via task role. For this to work, you need to configure task role e.g. with this inline policy:
Let me know if you need something else. |
Seeing the same issue for dynamodb client. |
Checkboxes for prior research
Describe the bug
I experienced an issue that AWS credentials could not be resolved by code that is running in a Next.js middleware.
The same code is running fine if it is executed in a normal Next.js page.
SDK version number
@aws-sdk/client-ssm@3.583.0
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
Nextjs 14.2.3
Reproduction Steps
See reproducible isolated issue here: https://github.com/fs24-chrter/AWS-ssmclient-nextjs-issue
Observed Behavior
Middleware code is not able to fetch AWS credentials and its config resolves to a
Browser
config. Error message shown:Credential is missing
.Normal page code is able to fetch AWS credentials and its config resolves to
Node
config.Expected Behavior
I would expect that also the code running in the middleware is able to fetch AWS credentials. Since this code is executed on the server side and should have the same privileges as a normal Next.js page.
Possible Solution
It looks like the constructor of
SSMClient
resolves to a runtimeConfig that is of typeBrowser
in the middleware and therefore is not able to fetch policies from ECS task role.The same code resolves to runtimeConfig of type
Node
if running in normal Next.js page. Here the code is able to fetch the policies from ECS task role.It do not understand yet why code in the middleware thinks it's running in a Browser.
Additional Information/Context
No response
The text was updated successfully, but these errors were encountered: