Skip to content

TypeError: Illegal invocation while assuming role #6690

Closed
@neerajtk13

Description

@neerajtk13

Checkboxes for prior research

Describe the bug

const { STSClient, AssumeRoleCommand } = require("@aws-sdk/client-sts");
const { saveAwsCredentails } = require("../store");

const awsAccessKeyId = process.env.AWS_ACCESS_KEY_ID;
const awsSecretAccessKey =
  process.env.AWS_SECRET_ACCESS_KEY;
const awsSTSRegion = process.env.AWS_STS_REGION || "us-east-1";

let credentials = null;
let expiration = null;
let client = null;
const refreshBuffer = 300000; // Buffer time in milliseconds (5 minutes)

const initializeClient = () => {
  if (!client) {
    client = new STSClient({
      region: awsSTSRegion,
      credentials: {
        accessKeyId: awsAccessKeyId,
        secretAccessKey: awsSecretAccessKey,
      },
    });
  }
};

const assumeRole = async (
  roleArn,
  sessionName,
  externalId,
  sessionDuration
) => {
  try {
    const command = new AssumeRoleCommand({
      RoleArn: roleArn,
      RoleSessionName: sessionName,
      DurationSeconds: sessionDuration,
      ExternalId: externalId,
    });

    console.log("Sending AssumeRoleCommand with parameters:", {
      RoleArn: roleArn,
      RoleSessionName: sessionName,
      DurationSeconds: sessionDuration,
      ExternalId: externalId,
    });

    const response = await client.send(command);
    console.log("Assumed role successfully:", response);

    credentials = {
      accessKeyId: response.Credentials.AccessKeyId,
      secretAccessKey: response.Credentials.SecretAccessKey,
      expiration: response.Credentials.Expiration,
      sessionToken: response.Credentials.SessionToken,
    };

    await saveAwsCredentails(credentials);
    expiration = new Date(response.Credentials.Expiration).getTime();
    return credentials;
  } catch (err) {
    console.error("Error assuming role:", err);
    throw new Error("Failed to assume role");
  }
};

const getCredentials = async (
  roleArn,
  sessionName,
  externalId,
  sessionDuration
) => {
  initializeClient();
  const currentTime = Date.now();

  if (credentials && expiration - currentTime > refreshBuffer) {
    console.log("Returning cached credentials.");
    return credentials;
  }

  console.log("Credentials expired or not available; refetching...");
  return await assumeRole(roleArn, sessionName, externalId, sessionDuration);
};

module.exports = {
  getCredentials,
};

Regression Issue

  • Select this option if this issue appears to be a regression.

SDK version number

"@aws-sdk/client-sts": "^3.696.0"

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

electron js : 21.1.0, Node js: 18.12.0

Reproduction Steps

im running this inside my electron app.

Observed Behavior

the code is failing at const response = await client.send(command);
it is saying TypeError: Illegal invocation while assuming role. it used to work fine till last week .

Expected Behavior

Should return credentials response

Possible Solution

No response

Additional Information/Context

No response

Metadata

Metadata

Assignees

Labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions