Support AWS_SESSION_TOKEN in ssm.js

Question

Support AWS_SESSION_TOKEN in ssm.js

jing-emma opened this issue 6 months ago · comments

Per Issue #5 Support AWS_SESSION_TOKEN authentication, Support for AWS_SESSION_TOKEN has been added since 0.5.0.

I have tried to get a parameter from SSM by using ssm getParameter function. await systemsManager.getParameter(testParameterName). I got an error saying 'Uncaught (in promise) SystemsManagerServiceError: The security token included in the request is invalid'. We login AWS via SSO. I can do s3.listBuckets(). It is an issue only happened to ssm.

If I read the code correctly, I think the fix could be as simple as adding sessionToken: this.awsConfig.sessionToken when constructing SignatureV4 on line 39

 this.signature = new SignatureV4({
            service: this.serviceName,
            region: awsConfig.region,
            credentials: {
                accessKeyId: awsConfig.accessKeyId,
                secretAccessKey: awsConfig.secretAccessKey,
                sessionToken: this.awsConfig.sessionToken,
            },
            uriEscapePath: true,
            applyChecksum: false,
        })

I would appreciate it if you could take a look at this issue. Thanks

oh BTW kms.js does not have sessionToken passed in. I bet it had the same issue.

Théo Crevon · Answer 1 · Wed Dec 20 2023 21:43:57 GMT+0800 (China Standard Time)

Good catch @jing-emma 👀 I'll look into it as soon as I have capacity.
If you have the time, we would also appreciate a PR 👍🏻

Joan López de la Franca Beltran · Answer 2 · Fri Jan 05 2024 03:25:52 GMT+0800 (China Standard Time)

Hey @jing-emma,
Could you confirm that now that we've merged your pull request, we can close this issue?
Thanks so much for both reporting the issue and contributing! 💟

jing-emma · Answer 3 · Fri Jan 05 2024 04:13:06 GMT+0800 (China Standard Time)

I have verified that this issue is fixed by using the locally built ssm.js in my project. A release with version 0.11.1 or later should have this fix.