How do we use Instance Profile as a credential source?

[shadycuz]

I want to run k6 tests in our CICD pipelines. The pipeline runners are on AWS and use AWS instance profiles. How can I create an AWSConfig object if I don't have access keys and secrets to pass it?

I was really surprised that jslib-aws is not based on the AWS SDK, which automatically handles authentication for you. https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html

If more than one credential source is available to the SDK, the default precedence of selection is as follows:

1. Credentials that are explicitly set through the service-client constructor
2. Environment variables
3. The shared credentials file
4. Credentials loaded from the ECS credentials provider (if applicable)
5. Credentials that are obtained by using a credential process specified in the shared AWS config file or the shared credentials file. For more information, see Loading Credentials in Node.js using a Configured Credential Process.
6. Credentials loaded from AWS IAM using the credentials provider of the Amazon EC2 instance (if configured in the instance metadata)

I'm using number 6.

[joanlopez]

Hey @shadycuz,

I think you're right, and the sixth credential source from that list isn't supported yet by k6-jslib-aws.
This is something that would require some changes, following what's documented here.

I guess this is feasible, but would require some effort we'll need to prioritize.
Alternatively, you could give it a try, contributions are more than welcome.

Thanks! 🙇🏻

[oleiade]

Hi @shadycuz 👋🏻

Thanks for reporting this issue. Much appreciated 🙇🏻

For context, and as I think it might be an excellent resource to refer to in the future, there are a couple of reasons why k6-jslib-aws is based (as in, its implementation is selectively picked up and adapted from the aws js SDK v3) but not built upon the official node SDK:

• k6 does not use node under the hood, nor v8, but a custom javascript engine goja
• Our javascript runtime still lacks some APIs allowing full compatibility with a node environment. Although we have tried to bridge that gap in recent years, we're still missing some on that front, and I don't believe k6 could be compatible with the SDK natively. (I might be wrong, and if anyone can test it, please go ahead and let us know the result 🙇🏻 )
• In our experience, the AWS SDK is massive, constantly changing in what feels like drastic ways, and embeds many features and services that are irrelevant to the context of k6: reliability testing. Hence, and integrating that we're also a small team, we have decided to implement our own minimal and community-driven version of the SDK that caters to specific needs rather than the whole AWS ecosystem.

For the rest, I fully align with @joanlopez 🤝

Our approach so far has been to build the smallest scope we could and rely on the community to help us integrate and implement changes that catered to further needs. As mentioned above, this is to cater to our small team size and limited resources on that front.

We would really appreciate and take the time to carefully review a PR if you have the capacity to put it together indeed 🎉 🙇🏻