From e96c35d571a2d614fe6b551f941fd1e3ba0d7d40 Mon Sep 17 00:00:00 2001
From: Hoan Luu Huu <110280845+xquanluu@users.noreply.github.com>
Date: Sat, 30 Nov 2024 09:58:42 +0700
Subject: [PATCH] fixed iamrole from sessionToken to securityToken (#988)

* fixed iamrole from sessionToken to securityToken
* wip
* support get aws credential from instance profile
---
 lib/tasks/stt-task.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/tasks/stt-task.js b/lib/tasks/stt-task.js
index 6d1b63e2..f4f6b9e3 100644
--- a/lib/tasks/stt-task.js
+++ b/lib/tasks/stt-task.js
@@ -219,7 +219,8 @@ class SttTask extends Task {
 roleArn
 });
 this.logger.debug({roleArn}, `(roleArn) got aws access token ${servedFromCache ? 'from cache' : ''}`);
- credentials = {...credentials, accessKeyId, secretAccessKey, sessionToken};
+ // from role ARN, we will get SessionToken, but feature server use it as securityToken.
+ credentials = {...credentials, accessKeyId, secretAccessKey, securityToken: sessionToken};
 }
 else if (vendor === 'verbio' && credentials.client_id && credentials.client_secret) {
 const {access_token, servedFromCache} = await getVerbioAccessToken(credentials);
@@ -229,9 +230,13 @@ class SttTask extends Task {
 }
 else if (vendor == 'aws' && !JAMBONES_AWS_TRANSCRIBE_USE_GRPC) {
 /* get AWS access token */
- const {accessKeyId, secretAccessKey, securityToken, region } = credentials;
+ const {speech_credential_sid, accessKeyId, secretAccessKey, securityToken, region } = credentials;
 if (!securityToken) {
- const { servedFromCache, ...newCredentials} = await getAwsAuthToken({accessKeyId, secretAccessKey, region});
+ const { servedFromCache, ...newCredentials} = await getAwsAuthToken({
+ speech_credential_sid,
+ accessKeyId,
+ secretAccessKey,
+ region});
 this.logger.debug({newCredentials}, `got aws security token ${servedFromCache ? 'from cache' : ''}`);
 credentials = {...newCredentials, region};
 }
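Review bot: The added `credentials = {...}` line in the roleArn branch renames the key rather than aliasing it, so any consumer that still reads `credentials.sessionToken` now gets `undefined` and would use the temporary key pair without its token. No such reader is visible in this hunk, and the enclosing method starts and ends outside it, so this needs a check across the rest of the file and its callers. The added comment could also state the contract more directly, for example `// the role-ARN lookup returns sessionToken; the rest of the feature server reads it as securityToken`.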
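Review bot: The unchanged debug call right after the reworked `getAwsAuthToken` call still logs the whole `newCredentials` object, which, judging by the `if (!securityToken)` guard and the spread into `credentials`, presumably carries the access key, secret key and security token. With the instance-profile support named in the commit message, those would be the host's role credentials written to any debug-level log sink. Log only non-secret identifiers instead, replacing `{newCredentials}` with `{speech_credential_sid, region}` in that call. The same branch compares with `vendor == 'aws'` while the verbio branch uses `===`; the strict form would be consistent. The enclosing method continues outside the hunk.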