Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
"CredentialsError: Missing credentials in config" with ECS task role after upgrade from 2.338.0 to 2.377.0
See original GitHub issueWe have a scheduled ECS task with a task role that grants permissions to upload files to S3. It has been working fine, however after upgrading aws-sdk from 2.338.0 to 2.377.0 it fails with CredentialsError: Missing credentials in config and the following stack trace:
TypeError: Cannot read property 'accessKeyId' of null
at features.constructor.apiAttemptEvent (/app/node_modules/aws-sdk/lib/service.js:338:42)
at Request.API_CALL_ATTEMPT (/app/node_modules/aws-sdk/lib/service.js:392:34)
at Request.callListeners (/app/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/app/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/app/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/app/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/app/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /app/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/app/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/app/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/app/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
at Request.emit (/app/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/app/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/app/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/app/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /app/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/app/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/app/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/app/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
at Request.emit (/app/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/app/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/app/node_modules/aws-sdk/lib/request.js:22:10)
at SyncProcess.uploadImages (/app/src/syncImages.js:145:13)
Relevant code in our syncImages.js:
this.s3 = new AWS.S3({
apiVersion: '2006-03-01',
params: { Bucket: S3_BUCKET }
});
...
const list = this.s3.listObjectsV2({ Prefix: prefix }).promise(); // Causes the error
We’ve since locked aws-sdk to 2.338.0 in a new revision and our task does not fail.
I’ve had a look through the changelog but didn’t see anything that stood out as a potentional cause of this.
ECS details:
- Agent version 1.22.0
- Our task is run as a scheduled task, EC2 launch type.
- We do not override the task role on the schedule target. It is only set on the task definition.
- We do not set any AWS-related environment variables.
Issue Analytics
- State:
- Created 5 years ago
- Comments:13 (9 by maintainers)
Top Results From Across the Web
Error [CredentialsError]: Missing credentials in config, but only ...
Based on the comments. A proposed solution to the authentication issues is to use IAM Roles for Tasks, instead of hard coding access...
Read more >aws-sdk missing credentials when being run inside ecs?
Am I missing something here? I thought ecs fargate handles the configs and credentials for me. I'm getting a CredentialsError: Missing ...
Read more >missing credentials in config dynamodb local
I think the reason you aren't able to assume a role using the default credentials is because your roleArn is supplied in the...
Read more >Configure IAM task roles in Amazon ECS to avoid "Access ...
Resolution. To correctly configure IAM roles for your task, check the following: Confirm that the ECS container agent is running. To confirm ...
Read more >aws-sdk/CHANGELOG.md - UNPKG
Customer can also propagate Job and Job Definition Tags to ECS Task. ... Updated DeleteEvent operation to catch missing exceptions.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@jstewmon I agree with the direction of the suggestion. Instead of maintaining reference from each request to Credentials, we should make credentals classes as factories for resolved credential object. So that requests won’t share the credentials reference.
You should check out the JS SDK V3 we are working on. It’s still in early stage, but we got rid of the centralized the credentials provider. The idea is that credentials will only be tried to resolve at service client instantiation, making operation calls will not try to fetch credentials any more and they don’t have reference to credentials resolver. Thus we won’t have problems of overriding the credentials in concurrent calls
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.