Setting credentials in Node.js - AWS SDK for JavaScript

Help us improve the AWS SDK for JavaScript version 3 (V3) documentation by providing feedback using the Feedback link, or create an issue or pull request on GitHub.

The AWS SDK for JavaScript V3 API Reference Guide describes in detail all the API operations for the AWS SDK for JavaScript version 3 (V3).

Setting credentials in Node.js

There are several ways in Node.js to supply your credentials to the SDK. Some of these are more secure and others afford greater convenience while developing an application. When obtaining credentials in Node.js, be careful about relying on more than one source, such as an environment variable and a JSON file you load. You can change the permissions under which your code runs without realizing the change has happened.

You can supply your credentials in order of recommendation:

  1. Loaded from AWS Identity and Access Management (IAM) roles for Amazon EC2

  2. Loaded from the shared credentials file (~/.aws/credentials)

  3. Loaded from environment variables

  4. Loaded from a JSON file on disk

  5. Other credential-provider classes provided by the JavaScript SDK

V3 provides a default credential provider in Node.js. So you are not required to supply a credential provider explicitly. The default credential provider attempts to resolve the credentials from a variety of different sources in a given precedence, until a credential is returned from the one of the sources. If the resolved credential is from a dynamic source, which means the credential can expire, the SDK will only use the specific source to refresh the credential.

Here's the order of the sources where the default credential provider resolve credentials from:

  1. Environment variables

  2. The shared credentials file

  3. Credentials loaded from the Amazon ECS credentials provider (if applicable)

  4. Credentials loaded from AWS Identity and Access Management using the credentials provider of the Amazon EC2 instance (if configured in the instance metadata)

Warning

We don't recommend hard-coding your AWS credentials in your application. Hard-coding credentials poses a risk of exposing your access key ID and secret access key.

The topics in this section describe how to load credentials into Node.js.