Authentication to AWS


Hey, how is supposed to authenticate to AWS?

Based on AWS docs, in new API version there should be used identity pool:

  const s3 = new S3Client({
    region: REGION,
    credentials: fromCognitoIdentityPool({
      clientConfig: { region: REGION }, // Configure the underlying CognitoIdentityClient.
      identityPoolId: "<ID>",
      logins: {
        // Optional tokens, used for authenticated login.

Locally, I used file for setting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
But these var names are reserved, so I can’t pass it.

What is the right way for that?

Hey Peter,

We don’t handle that for you (we do deploy any lambdas to our AWS account on your behalf, and run them). For anything beyond running your functions in our account, you’d have to build whatever you need as far as getting authenticated at other services.

We don’t have any code patterns for that, but I suppose there are a lot out there on the internet you could cheat off of depending on what your goals are.

I would expect you still need to pass in those values to your functions somehow - but what you may have run into (or will soon, if you haven’t already), is that we set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for that deployment of the functions - so you’ll need to use differently named environment variables (not starting with AWS_) and adjust your code to read from them.

As for how you write the code to auth, that’s not a question our Support team will be able to help with; perhaps AWS’ tech support or documentation has more details about how to use the identity pool and any other features they (not we) provide.