fetch-aws-credentials.ts

fetch-aws-credentials.ts

import { AssumeRoleCommand, STSClient } from '@aws-sdk/client-sts'

export type fetchAwsCredentialsOptions = {
  /**
   * AWS Region to use
   * @default {process.env.AWS_REGION}
   */
  region: string
}

/**
 * Fetch temporary AWS credentials
 * @param roleToAssume full ARN of the role to assume
 * @returns AWS credentials
 */
export async function fetchAwsCredentials(
  roleToAssume: string,
  { region }: fetchAwsCredentialsOptions
) {
  const REGION = region || process.env.AWS_REGION
  const client = new STSClient({ region: REGION })
  const command = new AssumeRoleCommand({
    RoleArn: roleToAssume,
    RoleSessionName: 'HeyAmplifyDiscordBot',
  })
  const response = await client.send(command)
  const { Credentials } = response
  if (
    !Credentials?.AccessKeyId ||
    !Credentials.SecretAccessKey ||
    !Credentials.SessionToken ||
    !Credentials.Expiration
  ) {
    throw new Error('Failed to retrieve credentials')
  }
  return {
    accessKeyId: Credentials.AccessKeyId,
    secretAccessKey: Credentials.SecretAccessKey,
    sessionToken: Credentials.SessionToken,
    expiration: Credentials.Expiration,
  }
}

export type AwsCredentials = Awaited<ReturnType<typeof fetchAwsCredentials>>