Merge pull request #22 from Infisical/daniel/update-aws-sdk

fix: removal of aws-sdk dependency

package.json

@@ -28,7 +28,10 @@
     "tsup": "^8.2.4"
   },
   "dependencies": {
-    "aws-sdk": "2.1311.0",
+    "@aws-crypto/sha256-js": "^5.2.0",
+    "@aws-sdk/credential-providers": "^3.758.0",
+    "@aws-sdk/protocol-http": "^3.370.0",
+    "@aws-sdk/signature-v4": "^3.370.0",
     "axios": "^1.7.5",
     "typescript": "^5.5.4",
     "zod": "^3.23.8"

src/custom/util.ts

@@ -1,6 +1,11 @@
 import axios from "axios";
 import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
-import AWS from "aws-sdk";
+
+import { Sha256 } from "@aws-crypto/sha256-js";
+import { fromNodeProviderChain } from "@aws-sdk/credential-providers";
+import { HttpRequest } from "@aws-sdk/protocol-http";
+import { SignatureV4 } from "@aws-sdk/signature-v4";
+
 import { InfisicalSDKError } from "./errors";
 import { Secret } from "../api/types";
 
@@ -44,22 +49,11 @@ export const getAwsRegion = async () => {
 };
 
 export const performAwsIamLogin = async (region: string) => {
-	AWS.config.update({
+	const credentials = await fromNodeProviderChain()();
-		region
-	});
 
-	await new Promise<{ sessionToken?: string; accessKeyId: string; secretAccessKey: string }>((resolve, reject) => {
+	if (!credentials.accessKeyId || !credentials.secretAccessKey) {
-		AWS.config.getCredentials((err, res) => {
-			if (err) {
-				throw err;
-			} else {
-				if (!res) {
 		throw new InfisicalSDKError("Credentials not found");
 	}
-				return resolve(res);
-			}
-		});
-	});
 
 	const iamRequestURL = `https://sts.${region}.amazonaws.com/`;
 	const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";
@@ -68,23 +62,40 @@ export const performAwsIamLogin = async (region: string) => {
 		Host: `sts.${region}.amazonaws.com`
 	};
 
-	const request = new AWS.HttpRequest(new AWS.Endpoint(iamRequestURL), region);
+	const request = new HttpRequest({
-	request.method = "POST";
+		protocol: "https:",
-	request.headers = iamRequestHeaders;
+		hostname: `sts.${region}.amazonaws.com`,
+		path: "/",
+		method: "POST",
+		headers: {
+			...iamRequestHeaders,
+			"Content-Length": String(Buffer.byteLength(iamRequestBody))
+		},
+		body: iamRequestBody
+	});
 
-	// @ts-expect-error -- .util is not typed
+	const signer = new SignatureV4({
-	request.headers["X-Amz-Date"] = AWS.util.date.iso8601(new Date()).replace(/[:-]|\.\d{3}/g, "");
+		credentials,
-	request.body = iamRequestBody;
+		region,
-	request.headers["Content-Length"] = String(Buffer.byteLength(iamRequestBody));
+		service: "sts",
+		sha256: Sha256
+	});
 
-	// @ts-expect-error -- .Signers is not typed
+	const signedRequest = await signer.sign(request);
-	const signer = new AWS.Signers.V4(request, "sts");
+
-	signer.addAuthorization(AWS.config.credentials, new Date());
+	const headers: Record<string, string> = {};
+	Object.entries(signedRequest.headers).forEach(([key, value]) => {
+		if (typeof value === "string") {
+			// Normalize Authorization header to proper case
+			const normalizedKey = key.toLowerCase() === "authorization" ? "Authorization" : key;
+			headers[normalizedKey] = value;
+		}
+	});
 
 	return {
 		iamHttpRequestMethod: "POST",
 		iamRequestUrl: iamRequestURL,
 		iamRequestBody: iamRequestBody,
-		iamRequestHeaders: iamRequestHeaders
+		iamRequestHeaders: headers
-	} as const;
+	};
 };

test/aws_auth.ts

@@ -0,0 +1,13 @@
+import { InfisicalSDK } from "../src";
+
+(async () => {
+	const client = new InfisicalSDK({
+		siteUrl: "https://app.infisical.com" // Optional, defaults to https://app.infisical.com
+	});
+
+	await client.auth().awsIamAuth.login({
+		identityId: "b1c540b8-4ca6-407e-8ce5-6696e8db50c4"
+	});
+
+	console.log(client.auth().getAccessToken());
+})();

test/index.ts

@@ -38,7 +38,8 @@ import { InfisicalSDK } from "../src";
 	const folder = await client.folders().create({
 		name: "test-folder",
 		projectId: project.id,
-		environment: environment.slug
+		environment: environment.slug,
+		path: "/"
 	});
 
 	console.log("Inviting member to project");