AWS credentials chain

The idea is:

It would be nice if the AWS nodes didn’t require setting up AWS access keys but instead worked the same way the aws-sdk does, by using the credentials chain. I understand that this is not useful for the SaaS version of n8n.

My use case:

Especially when running n8n inside your own AWS account, you could assume the instance’s IAM role, which doesn’t require having any credentials. Also, when starting n8n locally, it would just use the credentials from the developer machine, independently of the strategy (in some companies devs have their own access keys, in other companies devs have short-lived access keys with session tokens, etc.).

I think it would be beneficial to add this because:

Creating access keys and storing them somewhere means they can get lost or fall into the wrong hands. You would have to set up some kind of rotation to prevent this, which is even more effort. AWS recommends leveraging assume role wherever possible.

Any resources to support this?

I read Implementing a new AWS Node and I understand that you want to keep the dependencies low. Re-implementing the credentials chain might be a bit too much though.

Some ideas:

  • With the JavaScript AWS SDK V3, you can only reference the dependencies that are really needed. So maybe it wouldn’t bloat up the dependency tree for those integrations that are supported in the core that much?
  • (I have never tried this) Maybe you could only add the credential-provider dependency and continue using the REST API?

Are you willing to work on this?

I would be happy to work on this after getting the desired direction.
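
The lookup order described in the use case above, as an added sketch that is not n8n's or the AWS SDK's code. It covers only environment variables and the shared credentials file; the `instanceRole` hook, the `source` field and the sample values are assumptions made for illustration.

```javascript
// Added example: simplified credentials chain, not n8n or AWS SDK code.
// Each provider returns credentials or null; the first non-null result wins.

// 1. Environment variables: static keys, or short-lived keys plus a session token.
function fromEnv(env) {
  if (!env.AWS_ACCESS_KEY_ID || !env.AWS_SECRET_ACCESS_KEY) return null;
  return { accessKeyId: env.AWS_ACCESS_KEY_ID,
           secretAccessKey: env.AWS_SECRET_ACCESS_KEY,
           sessionToken: env.AWS_SESSION_TOKEN || undefined,
           source: 'env' };
}

// 2. Shared credentials file (INI text as found in ~/.aws/credentials).
function fromSharedFile(text, profile) {
  const found = {};
  let current = null;
  for (const raw of (text || '').split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const header = line.match(/^\[(.+)\]$/);
    if (header) { current = header[1].trim(); continue; }
    const eq = line.indexOf('=');
    if (current === profile && eq > 0) found[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  if (!found.aws_access_key_id || !found.aws_secret_access_key) return null;
  return { accessKeyId: found.aws_access_key_id,
           secretAccessKey: found.aws_secret_access_key,
           sessionToken: found.aws_session_token || undefined,
           source: 'shared-file:' + profile };
}

// 3. `instanceRole` is a hypothetical async hook standing in for the
//    instance or container role lookup; it is not implemented here.
async function resolveCredentials({ env = {}, sharedFileText = '', profile = 'default',
                                    instanceRole = async () => null } = {}) {
  const providers = [
    async () => fromEnv(env),
    async () => fromSharedFile(sharedFileText, profile),
    instanceRole,
  ];
  for (const provider of providers) {
    const creds = await provider();
    if (creds) return creds; // stop at the first source that yields credentials
  }
  throw new Error('No AWS credentials found in the chain');
}

// Constructed sample file content (placeholder values, not real keys).
const SAMPLE_SHARED_FILE = '[default]\naws_access_key_id = AKIAEXAMPLEFILE\naws_secret_access_key = constructed-secret\n';
```

Whichever source wins, the `sessionToken` has to travel with the key pair, because short-lived keys are rejected without it when requests are signed by hand.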