npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

aws-sts-helper

v1.0.5

Published

Facilitates gathering temporary security tokens from the AWS STS (Security Token Service) and then using that token information for interacting with AWS APIs

Downloads

13

Readme

aws-sts-helper

A library for facilitating the acquisition of temporary security tokens through the AWS Security Token Service (STS)

What does it do?

Using a particular AWS access key pair, query for and store a new access key pair, plus session token that is suitable to use for another role, that may have more specific or narrower permissions than the original access key pair.

For example, a role could be constructed with a policy that only allows for the creation of a named S3 bucket dev-projects-*, and provide all read-write permissions to the bucket created. Then this role can be access using the generated temporary access key and token by a locally developed project, limited to accessing just the dev-projects-* buckets in S3.

By default, any credentials created in this way are stored in a file, ./.aws-sts.json. This way the credentials are cached locally and available to reuse for the duration that the temporary credentials last. This library will look for the existence of the stored credentials and if they are still valid (not-expired) it will return them instead of generating a new set.

Usage:

You can set environment variables and/or set values in the configuration map passed into the getTemporaryCredentials call.

Available variables and their usage:

| Env Variable | Default | Purpose/Default | |-----------------------|-------------------------------------|-----------------------------------------------------------------| | AWS_STS_ACCESS_KEY | | Equivalent to AWS_ACCESS_KEY_ID. Used to generate credentials suitable to assume a specific role and the policies associated with it. | | AWS_STS_ACCESS_SECRET | | Equivalent to AWS_SECRET_ACCESS_KEY. Used to generate credentials suitable to assume a specific role and the policies associated with it. | | AWS_ROLE_ARN | | The Role to assume in ARN format| | AWS_ROLE_SESSION_NAME | temporary | A name that will be assigned to the temporary credentials | | AWS_STS_FILE_NAME | ./.aws-sts.json | Used to store credentials in JSON format, fully qualified path to credential file| | AWS_ROLE_DURATION_SECONDS | 43200 | Number of seconds the temporary access key lasts| | AWS_STS_FILE_MODE | 0o600 | Permissions setting on JSON file that caches credentials, (600 is user read-write only) |

These values can be passed either in the environment or in a configuration object, with environment variables overriding any passed in configuration.

Caching

By default, if credentials are successfully returned from the AWS STS, they will be written to the local filesystem. You can turn this behavior off by setting cache: false in the options map.

const sts = require('aws-sts-helper');

sts.getTemporaryCredentials({
    {
        cache: true,
        credentials: {
            fileName: './.aws-sts.json',
            mode: 0o600
        },
        role: {
            arn: 'arn:aws:iam::<account number>:role/ProjectsS3Development',
            sessionName: 'colbyProjectsDev',
            durationSeconds: 43200
        },
        key: {
            access: 'access key that allows calls to STS assume role',
            secret: 'secret key paired to access key'
        }
    }
}, (err, temp) => {
    if (err) {
        console.log('err:',err);
        process.exit(-1);
    }

    console.log('temp:',temp);
    sts.writeShellConfigSync("aws-temp-credentials.sh", temp);
});
const sts = require('aws-sts-helper');

// Assumes all setup is in environment
sts.getTemporaryCredentials({}, (err, temp) => {
    if (err) {
        console.log('err:',err);
        process.exit(-1);
    }

    console.log('Credentials expired:',sts.credentialsExpired(temp));
});