Setting credentials in Node.js - Amazon SDK for JavaScript
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

The Amazon SDK for JavaScript V3 API Reference Guide describes in detail all the API operations for the Amazon SDK for JavaScript version 3 (V3).

Starting October 1, 2022, Amazon SDK for JavaScript (v3) will end support for Internet Explorer 11 (IE 11). For details, see Announcing the end of support for Internet Explorer 11 in the Amazon SDK for JavaScript (v3).

Setting credentials in Node.js

There are several ways in Node.js to supply your credentials to the SDK. Some of these are more secure and others afford greater convenience while developing an application. When obtaining credentials in Node.js, be careful about relying on more than one source, such as an environment variable and a JSON file you load. You can change the permissions under which your code runs without realizing the change has happened.

You can supply your credentials in order of recommendation:

  1. Loaded from Amazon Identity and Access Management (IAM) roles for Amazon EC2

  2. Loaded from the shared credentials file (~/.aws/credentials)

  3. Loaded from environment variables

  4. Loaded from a JSON file on disk

  5. Other credential-provider classes provided by the JavaScript SDK

V3 provides a default credential provider in Node.js. So you are not required to supply a credential provider explicitly. The default credential provider attempts to resolve the credentials from a variety of different sources in a given precedence, until a credential is returned from the one of the sources. If the resolved credential is from a dynamic source, which means the credential can expire, the SDK will only use the specific source to refresh the credential.

Here's the order of the sources where the default credential provider resolve credentials from:

  1. Environment variables

  2. The shared credentials file

  3. Credentials loaded from the Amazon ECS credentials provider (if applicable)

  4. Credentials loaded from Amazon Identity and Access Management using the credentials provider of the Amazon EC2 instance (if configured in the instance metadata)


We don't recommend hard-coding your Amazon credentials in your application. Hard-coding credentials poses a risk of exposing your access key ID and secret access key.

The topics in this section describe how to load credentials into Node.js.