AWS authentication using role based IAM (no secret key)


We are using NodeRED running in AWS as a container with some AWS nodes part of node-red-node-aws (node-red-web-nodes) or node-red-contrib-aws

Those nodes require a global config node with AccessKey and SecretKey
We want to move away from adding those credentials into Node-RED and use a IAM role directly attached to the container as we are using with other containers.

I wonder is anyone as ever done that, or if you see that as possible wth the nodes as they are ?

Or do I need to reconsider rewriting the nodes using function nodes directly calling the AWS SDK ?


Or you could update the nodes to support that mode and raise a Pull Request against the project

So you are more or less confirming that this is not achievable with the nodes in that state ?

I'm not sure yet if I'm able to make such PR.
There's a step between doing some JS in a function node and updating a full node :smiley:
I'll probably need some guidance


Not really, if you can write the code in a function node, then editing existing code is considerably easier than writing a node from scratch. The pattern is pretty much the same.

It should just be a case of changing how the AWS client is initialised.

I'm not confirming it can't be done at the moment, I'm just saying if it's not then a little bit more effort helps everybody and you get to learn a little