AWS sdk get credentials using sso


I'm trying to use AWS Secrets Manager. When I'm using regular credentials it works fine, but I want to use SSO for it, when I don't have the .aws/credentials file and only the .aws/config file.

In the AWS documentation I saw this function:

var params = {
  accessToken: 'STRING_VALUE', /* required */
  accountId: 'STRING_VALUE', /* required */
  roleName: 'STRING_VALUE' /* required */
};
sso.getRoleCredentials(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

But I don't understand where I can get the access token, account ID, and role name. Indeed, I saw that in the .aws/config file there is an account ID and role name, but I don't understand how I can get them into my code (maybe something like the function SharedIniFileCredentials), and also how can I get the access token?

Also, I tried to add the env variable AWS_SDK_LOAD_CONFIG=1, but I'm still getting this error:

Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1 

There is 1 answer

0
marxjohnson On

You can do this with credential-provider-sso. The documentation gives a full explanation but a quick example:

const { SecretsManager } = require('@aws-sdk/client-secrets-manager');
const { fromSSO } = require('@aws-sdk/credential-provider-sso');

// fromSSO() resolves temporary credentials from the SSO profile in ~/.aws/config.
const secretsManager = new SecretsManager({credentials: fromSSO()});

secretsManager.listSecrets({}, (err, data) => {
    if (err) {
        console.error(err);
        return;
    }
    console.info(data);
});

This will use the profile configured in the AWS_PROFILE environment variable, or you can pass {'profile': 'profilename'} to the fromSSO function.
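For reference, an added example (not part of the question, the answer, or the AWS SDK) showing where the three getRoleCredentials parameters from the question come from when a profile is configured for SSO. It assumes the profile carries sso_start_url directly and that `aws sso login` cached the token under ~/.aws/sso/cache/ in a file named after the SHA-1 of that URL; the function names and all sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

// Parse one profile section of ~/.aws/config text into a key/value object.
function readProfile(configText, profile) {
  const header = profile === 'default' ? 'default' : `profile ${profile}`;
  const out = {};
  let inSection = false;
  for (const raw of configText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const section = line.match(/^\[(.+)\]$/);
    if (section) { inSection = section[1].trim() === header; continue; }
    const eq = line.indexOf('=');
    if (inSection && eq > 0) out[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return out;
}

// Assumed cache layout: ~/.aws/sso/cache/<sha1(sso_start_url)>.json
function ssoCacheFileName(startUrl) {
  return crypto.createHash('sha1').update(startUrl).digest('hex') + '.json';
}

// Build the getRoleCredentials params; refuse missing keys and expired tokens.
function buildRoleParams(configText, profile, cacheJson, now = new Date()) {
  const p = readProfile(configText, profile);
  for (const key of ['sso_start_url', 'sso_account_id', 'sso_role_name']) {
    if (!p[key]) throw new Error(`profile ${profile} is missing ${key}`);
  }
  const token = JSON.parse(cacheJson);
  if (!token.accessToken || !(new Date(token.expiresAt) > now)) {
    throw new Error(`SSO token expired or missing; run: aws sso login --profile ${profile}`);
  }
  return { accessToken: token.accessToken, accountId: p.sso_account_id, roleName: p.sso_role_name };
}

// Constructed sample data (not real account or token values).
const SAMPLE_CONFIG = `
[profile dev-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111122223333
sso_role_name = ReadOnly
region = us-east-1
`;
const SAMPLE_CACHE = JSON.stringify({
  startUrl: 'https://example.awsapps.com/start', region: 'us-east-1',
  accessToken: 'constructed-token', expiresAt: '2030-01-01T00:00:00Z',
});
```

The cached access token is a bearer credential, so real code should read it from the cache file with the user's own permissions and never log it.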