UNPKG

aws-sdk

Version:

AWS SDK for JavaScript

github.com/aws/aws-sdk-js

aws/aws-sdk-js

166 lines (153 loc) 5.57 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
var AWS = require('../core'); require('../metadata_service'); /** * Represents credentials received from the metadata service on an EC2 instance. * * By default, this class will connect to the metadata service using * {AWS.MetadataService} and attempt to load any available credentials. If it * can connect, and credentials are available, these will be used with zero * configuration. * * This credentials class will by default timeout after 1 second of inactivity * and retry 3 times. * If your requests to the EC2 metadata service are timing out, you can increase * these values by configuring them directly: * * ```javascript * AWS.config.credentials = new AWS.EC2MetadataCredentials({ * httpOptions: { timeout: 5000 }, // 5 second timeout * maxRetries: 10, // retry 10 times * retryDelayOptions: { base: 200 }, // see AWS.Config for information * logger: console // see AWS.Config for information * ec2MetadataV1Disabled: false // whether to block IMDS v1 fallback. * }); * ``` * * If your requests are timing out in connecting to the metadata service, such * as when testing on a development machine, you can use the connectTimeout * option, specified in milliseconds, which also defaults to 1 second. * * If the requests failed or returns expired credentials, it will * extend the expiration of current credential, with a warning message. For more * information, please go to: * https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html * * @!attribute originalExpiration * @return [Date] The optional original expiration of the current credential. * In case of AWS outage, the EC2 metadata will extend expiration of the * existing credential. * * @see AWS.Config.retryDelayOptions * @see AWS.Config.logger * * @!macro nobrowser */ AWS.EC2MetadataCredentials = AWS.util.inherit(AWS.Credentials, { constructor: function EC2MetadataCredentials(options) { AWS.Credentials.call(this); options = options ? AWS.util.copy(options) : {}; options = AWS.util.merge( {maxRetries: this.defaultMaxRetries}, options); if (!options.httpOptions) options.httpOptions = {}; options.httpOptions = AWS.util.merge( {timeout: this.defaultTimeout, connectTimeout: this.defaultConnectTimeout}, options.httpOptions); this.metadataService = new AWS.MetadataService(options); this.logger = options.logger || AWS.config && AWS.config.logger; }, /** * @api private */ defaultTimeout: 1000, /** * @api private */ defaultConnectTimeout: 1000, /** * @api private */ defaultMaxRetries: 3, /** * The original expiration of the current credential. In case of AWS * outage, the EC2 metadata will extend expiration of the existing * credential. */ originalExpiration: undefined, /** * Loads the credentials from the instance metadata service * * @callback callback function(err) * Called when the instance metadata service responds (or fails). When * this callback is called with no error, it means that the credentials * information has been loaded into the object (as the `accessKeyId`, * `secretAccessKey`, and `sessionToken` properties). * @param err [Error] if an error occurred, this value will be filled * @see get */ refresh: function refresh(callback) { this.coalesceRefresh(callback || AWS.util.fn.callback); }, /** * @api private * @param callback */ load: function load(callback) { var self = this; self.metadataService.loadCredentials(function(err, creds) { if (err) { if (self.hasLoadedCredentials()) { self.extendExpirationIfExpired(); callback(); } else { callback(err); } } else { self.setCredentials(creds); self.extendExpirationIfExpired(); callback(); } }); }, /** * Whether this credential has been loaded. * @api private */ hasLoadedCredentials: function hasLoadedCredentials() { return this.AccessKeyId && this.secretAccessKey; }, /** * if expired, extend the expiration by 15 minutes base plus a jitter of 5 * minutes range. * @api private */ extendExpirationIfExpired: function extendExpirationIfExpired() { if (this.needsRefresh()) { this.originalExpiration = this.originalExpiration || this.expireTime; this.expired = false; var nextTimeout = 15 * 60 + Math.floor(Math.random() * 5 * 60); var currentTime = AWS.util.date.getDate().getTime(); this.expireTime = new Date(currentTime + nextTimeout * 1000); // TODO: add doc link; this.logger.warn('Attempting credential expiration extension due to a ' + 'credential service availability issue. A refresh of these ' + 'credentials will be attempted again at ' + this.expireTime + '\nFor more information, please visit: https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html'); } }, /** * Update the credential with new credential responded from EC2 metadata * service. * @api private */ setCredentials: function setCredentials(creds) { var currentTime = AWS.util.date.getDate().getTime(); var expireTime = new Date(creds.Expiration); this.expired = currentTime >= expireTime ? true : false; this.metadata = creds; this.accessKeyId = creds.AccessKeyId; this.secretAccessKey = creds.SecretAccessKey; this.sessionToken = creds.Token; this.expireTime = expireTime; } });