Amplify crashes while calling DynamoDB if AWS Credentials are not set

Question

Amplify crashes while calling DynamoDB if AWS Credentials are not set

Closed this issue 5 years ago · 2 comments

First of all, thanks for this plugin.

I've tested it and adjusted a few things (PR right up), but I've encountered an issue where I wasn't sure about the solution.

In my local environment I do not have a "default" profile inside AWS configuration. While testing the plugin I got this error:

Error while executing Local DynamoDB
{
    "operation": "Scan",
    "limit": 20,
    "nextToken": null
}
Error: connect EHOSTUNREACH 169.254.169.254:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1129:14) {
  message: 'Missing credentials in config',
  errno: 'EHOSTUNREACH',
  code: 'CredentialsError',
  syscall: 'connect',
  address: '169.254.169.254',
  port: 80,
  time: 2019-12-09T11:01:12.008Z,
  originalError: {
    message: 'Could not load credentials from any providers',
    errno: 'EHOSTUNREACH',
    code: 'CredentialsError',
    syscall: 'connect',
    address: '169.254.169.254',
    port: 80,
    time: 2019-12-09T11:01:12.008Z,
    originalError: {
      message: 'EC2 Metadata roleName request returned error',
      errno: 'EHOSTUNREACH',
      code: 'EHOSTUNREACH',
      syscall: 'connect',
      address: '169.254.169.254',
      port: 80,
      time: 2019-12-09T11:01:12.007Z,
      originalError: [Object]
    }
  }
}

I tried setting some invalid credentials:

[default]
aws_access_key_id=AKIAFAIL
aws_secret_access_key=AKIAFAIL

And the DynamoDB call went on without further issues.

Since amplify requires the amplify init / amplify configure commands before running, this error would not show on the original library.

I'm not sure what the correct solution would be in this case, though.
I would not want an user to have a set of AWS credentials to work offline with this plugin.

Here are a couple of possible solutions:

Setting a fake set of credentials inside the init scripts
Using serverless provider configuration with the fake credentials as a default

WDYT?

Answer 1 · 2019-12-09T12:04:45.000Z

Thank you for you PR @marcoreni
Concerning this issue, looking at serverless-dynamodb-local, in their example, they suggest doing this:

new AWS.DynamoDB({
    region: 'localhost',
    endpoint: 'http://localhost:8000',
    accessKeyId: 'DEFAULT_ACCESS_KEY',  // needed if you don't have aws credentials at all in env
    secretAccessKey: 'DEFAULT_SECRET' // needed if you don't have aws credentials at all in env

})

So, I guess we could add fake credentials here

Unless, we want to implement custom DynamoDb configuration that allows using a real Dynamodb endpoint (instead of dynamodb offline). Then we could add custom options that takes a custom endpoint, and allow overriding the credentials, or use the one that comes from the provider.
For now, I would just fake them by default.

Answer 2 · 2019-12-09T12:30:16.000Z

Right, for now we can set the fake as default since the endpoint is set inside the initialization.

PR coming right up.