henry

Agent for updating temporary credentials using AWS Security Token Service.

npm install henry
77 downloads in the last week
485 downloads in the last month

Henry

Henry is an agent for regularly updateing knox and other AWS clients with temporary credentials from the AWS Security Token Service (STS).

The AWS Security Token Service is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).

Henry polls the EC2 Instance Metadata API to fetch the most up-to-date security credentials and makes it possible to use IAM Roles to delegate access to Node.js applications.

Usage

Set up a new instance:

var henry = new Henry({
    api: 'http://169.254.169.254',
    version: 'latest',
    interval: 3e5
});

Create a knox client and register it with henry:

var s3 = require('knox').createClient({
    key: 'xxx',
    secret: 'yyy',
    bucket: 'zzz'
});
henry.add(s3);

Henry will automatically keep the knox client up-to-date with valid credentials. To manually refresh:

henry.refresh(function(err, credentials) {
    if (err) throw err;
});

API

add(client, [mapping], [callback])

For non-knox clients provide provide a mapping so Henry knows what properties to use:

{
    key: 'customKey',
    secret: 'customSecret',
    token: 'customToken'
}

Provide an optional callback function called with arguments err and credentials.

refresh([callback])

Manually refresh credentials and update all registered clients.

Provide an optional callback function called with arguments err and credentials.

stop()

Stop henry polling.

start()

Start henry polling.

npm loves you