Setting Credentials in Node.js - AWS SDK for JavaScript

We announced the upcoming end-of-support for AWS SDK for JavaScript v2. We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Setting Credentials in Node.js

There are several ways in Node.js to supply your credentials to the SDK. Some of these are more secure and others afford greater convenience while developing an application. When obtaining credentials in Node.js, be careful about relying on more than one source such as an environment variable and a JSON file you load. You can change the permissions under which your code runs without realizing the change has happened.

Here are the ways you can supply your credentials in order of recommendation:

  1. Loaded from AWS Identity and Access Management (IAM) roles for Amazon EC2

  2. Loaded from the shared credentials file (~/.aws/credentials)

  3. Loaded from environment variables

  4. Loaded from a JSON file on disk

  5. Other credential-provider classes provided by the JavaScript SDK

If more than one credential source is available to the SDK, the default precedence of selection is as follows:

  1. Credentials that are explicitly set through the service-client constructor

  2. Environment variables

  3. The shared credentials file

  4. Credentials loaded from the ECS credentials provider (if applicable)

  5. Credentials that are obtained by using a credential process specified in the shared AWS config file or the shared credentials file. For more information, see Loading Credentials in Node.js using a Configured Credential Process.

  6. Credentials loaded from AWS IAM using the credentials provider of the Amazon EC2 instance (if configured in the instance metadata)

For more information, see Class: AWS.Credentials and Class: AWS.CredentialProviderChain in the API reference.

Warning

While it is possible to do so, we do not recommend hard-coding your AWS credentials in your application. Hard-coding credentials poses a risk of exposing your access key ID and secret access key.

The topics in this section describe how to load credentials into Node.js.

Topics