DEV Community

Andres Moreno for AWS Community Builders

Posted on • Updated on • Originally published at andmore.dev

How to Run the JavaScript AWS SDK Locally

When using Access Keys I got used to setting the default profile in my credentials file and it worked just fine. When I began having to manage more accounts and switched to SSO, updating the default profile becomes more of a pain. I will show you a couple of ways to authenticate the SDK using named profiles.

I will be showing how to authenticate the AWS SDK against a specific AWS Account using the following methods:

  1. Setting environment variables
  2. Getting credentials in the code

Setting environment variables

The easiest way you can run the AWS SDK from your local machine is by setting the AWS_PROFILE environment variable (if not set it will default to the default profile).

In your terminal you can set the AWS_PROFILE environment variable so the SDK can find the profile from the ~/.aws/config file and use those values. When using AWS SSO you will need to log in by running aws sso login --profile my-profile.
Look at this Ben Kehoe's post for an explanation on how this command works.

How do you set environment variables?

Linux/macOS

$ export AWS_PROFILE=my-profile
$ export AWS_REGION=us-east-1
Enter fullscreen mode Exit fullscreen mode

Powershell

PS C:\> $Env:AWS_PROFILE="my-profile"
PS C:\> $Env:AWS_REGION="us-east-1"
Enter fullscreen mode Exit fullscreen mode

Windows Command Prompt

C:\> setx AWS_PROFILE my-profile
C:\> setx AWS_REGION us-east-1
Enter fullscreen mode Exit fullscreen mode

You can now use any client by initializing it as shown below.

  const { SecretsManagerClient } = require('@aws-sdk/client-secrets-manager');
  const secretsManagerClient = new SecretsManagerClient();
Enter fullscreen mode Exit fullscreen mode

There are more environment variables that you can set in you terminal to accomplish different things, here is a list of supported environment variables.

Getting credentials in code

Another way to provide the credentials to the SDK is by using the credentials-provider class. This requires your code to be aware of any parameters you need to set.

To make this work the same way as the environment variable route you will need to provide the profile as an input in your code.

Once you are signed in to your SSO with aws sso login --profile my-profile, you can get the credentials using the credential-providers package as shown below (If using the default profile you can start the client the same way than with environment variables)

  const { SecretsManagerClient } = require('@aws-sdk/client-secrets-manager');
  const { fromSSO } = require('@aws-sdk/credential-providers');
  const credentials = await fromSSO({
    profile: inputtedProfile
  })();
Enter fullscreen mode Exit fullscreen mode

With the AwsCredentialIdentityProvider object you can initialize any client by providing the credentials and the region as shown below:

  const secretsManagerClient = new SecretsManagerClient({
    credentials: credentials,
    region: inputtedRegion
  });
Enter fullscreen mode Exit fullscreen mode

Conclusion

Running the SDK from your local machine is very important and valuable to be able to provide tooling and improve your developer experience.

We went through some of the ways you can authenticate code that is being executed locally when you have several profiles .
There are other ways you can authenticate, so if these options do not work for you dueto organization security policies or any other reason, I recommend looking into the documentation or reach out to the community to find which one fits you best.
Twitter AWS Community
AWS Developers Slack Workspace

Top comments (2)

Collapse
 
benkehoe profile image
Ben Kehoe

One note here: you say "Once you signed in to a specific profile by doing aws sso login --profile my-profile", but you don't actually sign in to a profile. You only need to sign in once for all your profiles (that share the same SSO/Identity Center start URL). I wrote an explainer on this subject: medium.com/@ben11kehoe/you-only-ne...

Collapse
 
andmoredev profile image
Andres Moreno

Wow that is a great explanation, I will update the post to reflect this.
Thanks Ben!