SDK interaction with Node.js v22.13.0+ permission model

[trivikr]

Checkboxes for prior research

• I've gone through Developer Guide and API reference
• I've checked AWS Forums and StackOverflow.
• I've searched for previous similar issues and didn't find any solution.

Describe the bug

SDK should not access file system if credentials are provided

The permission model got stable in node@v22.13.0.

The Node.js Permission Model is a mechanism for restricting access to specific resources during execution. The API exists behind a flag --permission which when enabled, will restrict access to all available permissions.

When starting Node.js with --permission, the ability to access the file system through the fs module, spawn processes, use node:worker_threads, use native addons, use WASI, and enable the runtime inspector will be restricted.

Regression Issue

• Select this option if this issue appears to be a regression.

SDK version number

All

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

>=22.13.0

Reproduction Steps

Pass credentials during client creation, and make any API call

Example code which creates DynamoDB client, and calls listTable API.

import { DynamoDB } from "@aws-sdk/client-dynamodb";
const client = new DynamoDB({
  credentials: {
    accessKeyId: "REDACTED",
    secretAccessKey: "REDACTED",
  },
});
console.log(await client.listTables({}));

Call the sample code with node@>=22.13.0 and pass --permission

Observed Behavior

$ node --permission test.mjs
node:internal/fs/promises:639
    binding.openFileHandle(path, flagsNumber, mode, kUsePromises),
            ^

Error: Access to this API has been restricted
    at open (node:internal/fs/promises:639:13)
    at readFile (node:internal/fs/promises:1242:20)
    at getSource (node:internal/modules/esm/load:42:20)
    at defaultLoad (node:internal/modules/esm/load:114:40)
    at ModuleLoader.load (node:internal/modules/esm/loader:670:12)
    at ModuleLoader.loadAndTranslate (node:internal/modules/esm/loader:483:43)
    at #createModuleJob (node:internal/modules/esm/loader:507:36)
    at #getJobFromResolveResult (node:internal/modules/esm/loader:275:34)
    at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:243:41)
    at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:546:25) {
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
  resource: '/Users/trivikr/workspace/test/test.mjs'
}

Node.js v22.13.0

Expected Behavior

Call to return data

$ node --permission test.mjs
{
  '$metadata': {
    httpStatusCode: 200,
    requestId: 'H8BOQIB0S8AJRQA28RGQORBIDRVV4KQNSO5AEMVJF66Q9ASUAAJG',
    extendedRequestId: undefined,
    cfId: undefined,
    attempts: 1,
    totalRetryDelay: 0
  },
  TableNames: [ 'TestTableName' ]
}

Possible Solution

No response

Additional Information/Context

No response

[kuhe]

After some investigation, we concluded that this is working as intended.

For filesystem read permission, we need to at least grant it on the files being executed. In the case of this test, it would be the test file and any node_modules being loaded like the SDK. We exclude the ~/.aws/config and credentials files.

# include fs read permission on the file being run and the local node_modules
node --permission --allow-fs-read="./*" ./listTables.mjs

This results in CredentialsProviderError: Could not load credentials from any providers, because my test environment is normally resolved to credentials from file. This behavior is consistent and equivalent with the files not being present, meaning no additional handling is needed at this time by the SDK or Smithy core.

After supplying ENV level credentials, the SDK request works as expected.

[trivikr]

If you want to be more specific, and provide file read access only to the file being executed and dependencies, it can be done as follows

$ node --permission --allow-fs-read=test.mjs --allow-fs-read=node_modules test.mjs

Applications usually have multiple files present outside of node_modules, so providing access to current folder is recommended as mentioned in previous example.

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.