or run

npx @tessl/cli init

Version

Tile

Overview

Evals

Files

docs

cognito-credentials.md configuration-file-credentials.md custom-credential-chains.md default-provider-chain.md environment-credentials.md http-credentials.md index.md metadata-service-credentials.md process-credentials.md sso-credentials.md temporary-credentials.md web-identity-credentials.md

tile.json

Environment Variable Credentials

Environment variable credential provider reads AWS credentials from standard environment variables, making it the simplest credential source for development, testing, and CI/CD environments.

Capabilities

Environment Variable Provider

Creates a credential provider that reads from environment variables.

/**
 * Create a credential provider that reads credentials from environment variables
 * @param init - Optional initialization parameters
 * @returns Promise-based credential provider function
 */
function fromEnv(init?: FromEnvInit): AwsCredentialIdentityProvider;

interface FromEnvInit {
  /** Optional logger instance for debugging credential resolution */
  logger?: Logger;
}

Environment Variables

The provider reads the following environment variables:

AWS_ACCESS_KEY_ID: The access key for your AWS account (required)
AWS_SECRET_ACCESS_KEY: The secret key for your AWS account (required)
AWS_SESSION_TOKEN: The session key for temporary credentials (optional)
AWS_CREDENTIAL_EXPIRATION: Expiration time in ISO-8601 format for temporary credentials (optional)

Usage Examples:

import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
import { fromEnv } from "@aws-sdk/credential-providers";

// Basic usage
const client = new DynamoDBClient({
  region: "us-east-1",
  credentials: fromEnv()
});

// With logging
const clientWithLogging = new DynamoDBClient({
  region: "us-east-1",
  credentials: fromEnv({
    logger: console
  })
});

Setting Environment Variables

Command Line (Unix/Linux/macOS):

export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
export AWS_SESSION_TOKEN="AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE"

Command Line (Windows):

set AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
set AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
set AWS_SESSION_TOKEN=AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE

Docker Environment:

ENV AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
ENV AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

Error Handling

The provider will reject with an error if:

AWS_ACCESS_KEY_ID is not set or contains a falsy value
AWS_SECRET_ACCESS_KEY is not set or contains a falsy value
AWS_CREDENTIAL_EXPIRATION is set but contains an invalid ISO-8601 date format

import { fromEnv } from "@aws-sdk/credential-providers";

try {
  const credentials = await fromEnv()();
  console.log("Credentials loaded successfully");
} catch (error) {
  console.error("Failed to load credentials from environment:", error.message);
}

Temporary Credentials

When using temporary credentials (e.g., from AWS STS), include the session token:

export AWS_ACCESS_KEY_ID="ASIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
export AWS_SESSION_TOKEN="AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE"
# Optional expiration time
export AWS_CREDENTIAL_EXPIRATION="2023-12-31T23:59:59Z"

Availability

Node.js: ✅ Available
Browser: ❌ Not available (environment variables are not accessible in browsers)
React Native: ❌ Not available