Class: AWS.Credentials
- Inherits:
-
Object
- Object
- AWS.Credentials
- Defined in:
- lib/credentials.js
Overview
Represents your AWS security credentials, specifically the
accessKeyId, secretAccessKey, and optional sessionToken.
Creating a Credentials
object allows you to pass around your
security information to configuration and service objects.
Note that this class typically does not need to be constructed manually, as the AWS.Config and AWS.Service classes both accept simple options hashes with the three keys. These structures will be converted into Credentials objects automatically.
Expiring and Refreshing Credentials
Occasionally credentials can expire in the middle of a long-running application. In this case, the SDK will automatically attempt to refresh the credentials from the storage location if the Credentials class implements the refresh() method.
If you are implementing a credential storage location, you
will want to create a subclass of the Credentials
class and
override the refresh() method. This method allows credentials to be
retrieved from the backing store, be it a file system, database, or
some network storage. The method should reset the credential attributes
on the object.
Direct Known Subclasses
AWS.ChainableTemporaryCredentials, AWS.CognitoIdentityCredentials, AWS.CredentialProviderChain, AWS.EC2MetadataCredentials, AWS.EnvironmentCredentials, AWS.FileSystemCredentials, AWS.ProcessCredentials, AWS.RemoteCredentials, AWS.SAMLCredentials, AWS.SharedIniFileCredentials, AWS.TemporaryCredentials, AWS.TokenFileWebIdentityCredentials, AWS.WebIdentityCredentials
Constructor Summary collapse
-
new AWS.Credentials() ⇒ void
constructor
A credentials object can be created using positional arguments or an options hash.
Property Summary collapse
-
accessKeyId ⇒ String
readwrite
The AWS access key ID.
-
expired ⇒ Boolean
readwrite
Whether the credentials have been expired and require a refresh.
-
expireTime ⇒ Date
readwrite
A time when credentials should be considered expired.
-
expiryWindow ⇒ Integer, Number
static
readwrite
-
secretAccessKey ⇒ String
readwrite
The AWS secret access key.
-
sessionToken ⇒ String
readwrite
An optional AWS session token.
Method Summary collapse
-
get(callback) ⇒ void
Gets the existing credentials, refreshing them if they are not yet loaded or have expired.
-
getPromise() ⇒ Promise
Returns a 'thenable' promise.
-
needsRefresh() ⇒ Boolean
Whether the credentials object should call refresh().
-
refresh(callback) ⇒ void
Refreshes the credentials.
-
refreshPromise() ⇒ Promise
Returns a 'thenable' promise.
Constructor Details
new AWS.Credentials(accessKeyId, secretAccessKey, sessionToken = null) ⇒ void new AWS.Credentials(options) ⇒ void
A credentials object can be created using positional arguments or an options hash.
Property Details
accessKeyId ⇒ String (readwrite)
Returns the AWS access key ID.
expired ⇒ Boolean (readwrite)
Returns whether the credentials have been expired and require a refresh. Used in conjunction with expireTime.
expireTime ⇒ Date (readwrite)
Returns a time when credentials should be considered expired. Used in conjunction with expired.
expiryWindow ⇒ Integer, Number (static, readwrite)
secretAccessKey ⇒ String (readwrite)
Returns the AWS secret access key.
sessionToken ⇒ String (readwrite)
Returns an optional AWS session token.
Method Details
get(callback) ⇒ void
Gets the existing credentials, refreshing them if they are not yet loaded or have expired. Users should call this method before using refresh(), as this will not attempt to reload credentials when they are already loaded into the object.
getPromise() ⇒ Promise
Returns a 'thenable' promise. Gets the existing credentials, refreshing them if they are not yet loaded or have expired. Users should call this method before using refresh(), as this will not attempt to reload credentials when they are already loaded into the object.
Two callbacks can be provided to the then
method on the returned promise.
The first callback will be called if the promise is fulfilled, and the second
callback will be called if the promise is rejected.
needsRefresh() ⇒ Boolean
Subclasses should override this method to provide custom refresh logic.
Returns whether the credentials object should call refresh().
refresh(callback) ⇒ void
Subclasses should override this class to reset the accessKeyId, secretAccessKey and optional sessionToken on the credentials object and then call the callback with any error information.
Refreshes the credentials. Users should call get() before attempting to forcibly refresh credentials.
refreshPromise() ⇒ Promise
Returns a 'thenable' promise. Refreshes the credentials. Users should call get() before attempting to forcibly refresh credentials.
Two callbacks can be provided to the then
method on the returned promise.
The first callback will be called if the promise is fulfilled, and the second
callback will be called if the promise is rejected.