2

First of all, I know there are similar questions here at SO. Also I want to let you know I have already found out what the problem was. Just want to share the solution with others who is potentially looking for the solution of the same problem... And no, it's not a duplicate topic.

Few days ago, my NodeJS script stopped working with AWS SQS suddenly! 

Access to the resource https://sqs.us-west-2.amazonaws.com/ is denied.

But what was interesting, when I tested SQS via aws-cli with appropriate profile, it worked!

I spent many hours searching and trying to find solution... Typical problem of other programmers here at StackOverflow (for example like here) is pretty obvious: wrong IAM policy or wrong credentials. But everything worked for me few days ago and not now?! It brought me crazy.

Spoiler alert! Well, at the end, the problem was really about wrong credentials. But how is it possible when nothing has been changed on our side, right?

I found similar question at AWS Developer forum - I started playing with IAM policies but no change.

Ok, so what has happened? See my answer below

Zdeněk
  • 163
  • 9

1 Answers1

2

Ok, so what has happened?

Around Oct 17, 2018, you can find "Feature/load shared config" in aws-sdk-js commit history. It's a version v2.337.0+. I didn't read the code but it seems that since that time (and version), the priority of getting AWS credentials has changed. Before that, it seems environment variables had bigger priority than config file. But not anymore! What does it mean?

Well, in my case, I have several profiles in .aws/credentials and my default profile IS NOT the one with full access permissions. If your default profile has AdministratorAccess policy, this problem is not relevant for you!

I use profiles in the config file for aws-cli and not for the script. In my script, I use environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

Do you see the problem now? Before the change of SDK, it worked, because SDK chose environment variables first. But since some logic has changed within SDK, it chose default profile from config file. And as I wrote earlier, my default profile couldn't access SQS!

So, my solution was to remove (rename) default profile from config file. And because there was no default profile anymore, SDK started to use my environment variables again.

Glory to the SDK!

Zdeněk
  • 163
  • 9