Henry is an agent for regularly updateing knox and other AWS clients with temporary credentials from the AWS Security Token Service (STS).
The AWS Security Token Service is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).
Henry polls the EC2 Instance Metadata API to fetch the most up-to-date security credentials and makes it possible to use IAM Roles to delegate access to Node.js applications.
Set up a new instance:
var henry = new Henry({
api: 'http://169.254.169.254',
version: 'latest',
interval: 3e5
});
Create a knox client and register it with henry:
var s3 = require('knox').createClient({
key: 'xxx',
secret: 'yyy',
bucket: 'zzz'
});
henry.add(s3);
Henry will automatically keep the knox client up-to-date with valid credentials. To manually refresh:
henry.refresh(function(err, credentials) {
if (err) throw err;
});
For non-knox clients provide provide a mapping so Henry knows what properties
to use:
{
key: 'customKey',
secret: 'customSecret',
token: 'customToken'
}
Provide an optional callback function called with arguments err and credentials.
Manually refresh credentials and update all registered clients.
Provide an optional callback function called with arguments err and credentials.
Stop henry polling.
Start henry polling.