@aws-sdk/credential-providers 3.935.0 → 3.936.0

package/README.md

@@ -28,6 +28,9 @@ A collection of all credential providers.
   - [Supported Configuration](#supported-configuration)
   - [SSO login with AWS CLI](#sso-login-with-the-aws-cli)
   - [Sample Files](#sample-files-2)
+- [From Login Credentials](#fromLoginCredentials)
+  - [Login with AWS CLI](#login-with-aws-cli)
+  - [Sample Files](#sample-files-3)
 - [From Node.js default credentials provider chain](#fromnodeproviderchain)
 - [Creating a custom credentials chain](#createcredentialchain)
 
@@ -920,6 +923,109 @@ sso_role_name = SampleRole
 sso_start_url = https://d-abc123.awsapps.com/start
 ```
 
+## `fromLoginCredentials()`
+
+- Uses `@aws-sdk/client-signin`
+- Not available in browsers & native apps
+
+`fromLoginCredentials` creates an `AwsCredentialIdentityProvider` function that reads from cached login credentials stored on disk after authenticating with the AWS CLI using the `aws login` command. The provider automatically refreshes when the credentials are about to expire.
+
+This provider is not typically used in an explicit fashion and is designed to simplify credential usage by allowing SDK clients to work seamlessly after running `aws login` with AWS CLI, without requiring any additional configuration.
+
+```javascript
+import { fromLoginCredentials } from "@aws-sdk/credential-providers"; // ES6 import
+
+const client = new FooClient({
+  // Optional, available on clients as of v3.714.0.
+  profile: "my-profile",
+  credentials: fromLoginCredentials({
+    // Optional. Defaults to the client's profile if that is set.
+    // Optional. Should match the profile name used with 'aws login --profile <name>'
+    // to ensure credentials are found in the cache. Uses 'default' if no
+    // --profile was specified during aws login or if this option is omitted.
+    profile: "my-profile",
+    // Optional. Overwrite the configuration used to construct the signin service client.
+    // If not specified, a default signin client will be created with the region specified in the profile.
+    // Warning: setting a region here overrides the region set in the config file
+    // for the selected profile.
+    clientConfig: { region },
+  }),
+});
+```
+
+### Login with AWS CLI
+
+This credential provider relies on the AWS CLI to authenticate and cache login credentials. Here's how to set it up:
+
+1. **Initial Login**: Run the `aws login` command to authenticate using your existing AWS Management Console credentials:
+
+```console
+$ aws login
+```
+
+2. **Named Profile**: To sign in to a named profile or create a new one, use the `--profile` option:
+
+```console
+$ aws login --profile my-dev-profile
+```
+
+3. **Region Configuration**: If this is a new profile or no AWS Region has been specified, the AWS CLI prompts you to provide a region:
+
+```console
+No AWS region has been configured. The AWS region is the geographic location of
+your AWS resources.
+
+If you've used AWS before and already have resources in your account, tell us
+which region they were created in. If you haven't created resources in your account
+before, you can pick the region closest to you:
+https://docs.aws.amazon.com/global-infrastructure/latest/regions/aws-regions.html.
+You are able to change the region in the CLI at any time with the command
+`aws configure set region NEW_REGION`.
+
+AWS Region [us-east-1]:
+```
+
+4. **Browser Authentication**: The AWS CLI attempts to open your default browser for the sign in process:
+
+```console
+Attempting to open the login page for `us-east-1` in your default browser.
+If the browser does not open, use the following URL to complete your login:
+https://signin.us-east-1.amazonaws.com/authorize?<abbreviated>
+```
+
+5. **No Browser Option**: If the device using the AWS CLI does not have a browser, you can use the `--no-browser` option:
+
+```console
+$ aws login --no-browser
+```
+
+This will provide a URL for you to open on a browser-enabled device and prompt for an authorization code.
+
+6. **Logout**: When you are done using your session, you can let your credentials expire, or run the `aws logout` command:
+
+```console
+$ aws logout
+$ aws logout --profile my-dev-profile
+```
+
+### Cached Credentials
+
+The temporary cached credentials, as well as the metadata required to refresh them are stored by default in `~/.aws/login/cache` on Linux and macOS, or `%USERPROFILE%\.aws\login\cache` on Windows.
+
+You can override this location by setting the `AWS_LOGIN_CACHE_DIRECTORY` environment variable.
+
+### Sample Files
+
+After running `aws login`, the configuration file will contain a `login_session` entry:
+
+#### `~/.aws/config`
+
+```ini
+[default]
+login_session = arn:aws:iam::0123456789012:user/username
+region = us-east-1
+```
+
 ## `fromNodeProviderChain()`
 
 - May use `@aws-sdk/client-sts`, `@aws-sdk/client-sso`, etc. depending on

package/dist-cjs/fromLoginCredentials.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromLoginCredentials = void 0;
+const credential_provider_login_1 = require("@aws-sdk/credential-provider-login");
+const fromLoginCredentials = (init) => (0, credential_provider_login_1.fromLoginCredentials)({
+    ...init,
+});
+exports.fromLoginCredentials = fromLoginCredentials;

package/dist-cjs/index.js

@@ -6,11 +6,12 @@ tslib_1.__exportStar(require("./createCredentialChain"), exports);
 tslib_1.__exportStar(require("./fromCognitoIdentity"), exports);
 tslib_1.__exportStar(require("./fromCognitoIdentityPool"), exports);
 tslib_1.__exportStar(require("./fromContainerMetadata"), exports);
+tslib_1.__exportStar(require("./fromEnv"), exports);
 var credential_provider_http_1 = require("@aws-sdk/credential-provider-http");
 Object.defineProperty(exports, "fromHttp", { enumerable: true, get: function () { return credential_provider_http_1.fromHttp; } });
-tslib_1.__exportStar(require("./fromEnv"), exports);
 tslib_1.__exportStar(require("./fromIni"), exports);
 tslib_1.__exportStar(require("./fromInstanceMetadata"), exports);
+tslib_1.__exportStar(require("./fromLoginCredentials"), exports);
 tslib_1.__exportStar(require("./fromNodeProviderChain"), exports);
 tslib_1.__exportStar(require("./fromProcess"), exports);
 tslib_1.__exportStar(require("./fromSSO"), exports);

package/dist-es/fromLoginCredentials.js

@@ -0,0 +1,4 @@
+import { fromLoginCredentials as _fromLoginCredentials, } from "@aws-sdk/credential-provider-login";
+export const fromLoginCredentials = (init) => _fromLoginCredentials({
+    ...init,
+});

package/dist-es/index.js

@@ -2,10 +2,11 @@ export * from "./createCredentialChain";
 export * from "./fromCognitoIdentity";
 export * from "./fromCognitoIdentityPool";
 export * from "./fromContainerMetadata";
-export { fromHttp } from "@aws-sdk/credential-provider-http";
 export * from "./fromEnv";
+export { fromHttp } from "@aws-sdk/credential-provider-http";
 export * from "./fromIni";
 export * from "./fromInstanceMetadata";
+export * from "./fromLoginCredentials";
 export * from "./fromNodeProviderChain";
 export * from "./fromProcess";
 export * from "./fromSSO";

package/dist-types/fromLoginCredentials.d.ts

@@ -0,0 +1,7 @@
+import { type FromLoginCredentialsInit } from "@aws-sdk/credential-provider-login";
+import type { RuntimeConfigAwsCredentialIdentityProvider } from "@aws-sdk/types";
+/**
+ * Creates a credential provider that sources credentials from `aws login` cached tokens
+ * @public
+ */
+export declare const fromLoginCredentials: (init?: FromLoginCredentialsInit) => RuntimeConfigAwsCredentialIdentityProvider;

package/dist-types/index.d.ts

@@ -2,10 +2,11 @@ export * from "./createCredentialChain";
 export * from "./fromCognitoIdentity";
 export * from "./fromCognitoIdentityPool";
 export * from "./fromContainerMetadata";
-export { fromHttp, FromHttpOptions, HttpProviderCredentials } from "@aws-sdk/credential-provider-http";
 export * from "./fromEnv";
+export { fromHttp, FromHttpOptions, HttpProviderCredentials } from "@aws-sdk/credential-provider-http";
 export * from "./fromIni";
 export * from "./fromInstanceMetadata";
+export * from "./fromLoginCredentials";
 export * from "./fromNodeProviderChain";
 export * from "./fromProcess";
 export * from "./fromSSO";

package/dist-types/ts3.4/fromLoginCredentials.d.ts

@@ -0,0 +1,5 @@
+import { FromLoginCredentialsInit } from "@aws-sdk/credential-provider-login";
+import { RuntimeConfigAwsCredentialIdentityProvider } from "@aws-sdk/types";
+export declare const fromLoginCredentials: (
+  init?: FromLoginCredentialsInit
+) => RuntimeConfigAwsCredentialIdentityProvider;

package/dist-types/ts3.4/index.d.ts

@@ -2,14 +2,15 @@ export * from "./createCredentialChain";
 export * from "./fromCognitoIdentity";
 export * from "./fromCognitoIdentityPool";
 export * from "./fromContainerMetadata";
+export * from "./fromEnv";
 export {
   fromHttp,
   FromHttpOptions,
   HttpProviderCredentials,
 } from "@aws-sdk/credential-provider-http";
-export * from "./fromEnv";
 export * from "./fromIni";
 export * from "./fromInstanceMetadata";
+export * from "./fromLoginCredentials";
 export * from "./fromNodeProviderChain";
 export * from "./fromProcess";
 export * from "./fromSSO";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-providers",
-  "version": "3.935.0",
+  "version": "3.936.0",
   "description": "A collection of credential providers, without requiring service clients like STS, Cognito",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -31,18 +31,19 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/client-cognito-identity": "3.935.0",
-    "@aws-sdk/core": "3.935.0",
-    "@aws-sdk/credential-provider-cognito-identity": "3.935.0",
-    "@aws-sdk/credential-provider-env": "3.935.0",
-    "@aws-sdk/credential-provider-http": "3.935.0",
-    "@aws-sdk/credential-provider-ini": "3.935.0",
-    "@aws-sdk/credential-provider-node": "3.935.0",
-    "@aws-sdk/credential-provider-process": "3.935.0",
-    "@aws-sdk/credential-provider-sso": "3.935.0",
-    "@aws-sdk/credential-provider-web-identity": "3.935.0",
-    "@aws-sdk/nested-clients": "3.935.0",
-    "@aws-sdk/types": "3.930.0",
+    "@aws-sdk/client-cognito-identity": "3.936.0",
+    "@aws-sdk/core": "3.936.0",
+    "@aws-sdk/credential-provider-cognito-identity": "3.936.0",
+    "@aws-sdk/credential-provider-env": "3.936.0",
+    "@aws-sdk/credential-provider-http": "3.936.0",
+    "@aws-sdk/credential-provider-ini": "3.936.0",
+    "@aws-sdk/credential-provider-login": "3.936.0",
+    "@aws-sdk/credential-provider-node": "3.936.0",
+    "@aws-sdk/credential-provider-process": "3.936.0",
+    "@aws-sdk/credential-provider-sso": "3.936.0",
+    "@aws-sdk/credential-provider-web-identity": "3.936.0",
+    "@aws-sdk/nested-clients": "3.936.0",
+    "@aws-sdk/types": "3.936.0",
     "@smithy/config-resolver": "^4.4.3",
     "@smithy/core": "^3.18.5",
     "@smithy/credential-provider-imds": "^4.2.5",