getcompanion-ai/co-mono
1
0
Fork 0
mirror of https://github.com/getcompanion-ai/co-mono.git synced 2026-04-17 03:03:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(ai): add AWS ECS/IRSA credential detection for Bedrock, fixes #848

Browse source 
Added support for additional AWS credential environment variables:
- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI (ECS task roles)
- AWS_CONTAINER_CREDENTIALS_FULL_URI (ECS task roles)
- AWS_WEB_IDENTITY_TOKEN_FILE (IRSA for Kubernetes)

Also fixed undefined currentModel variable in OAuth error handling.
This commit is contained in:
Mario Zechner 2026-01-19 16:09:59 +01:00
parent cd0df4c0dd
commit 2b04aefa6d
3 changed files with 17 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
packages/ai/src/stream.ts
View file

@ -80,10 +80,16 @@ export function getEnvApiKey(provider: any): string | undefined {
// 1. AWS_PROFILE - named profile from ~/.aws/credentials
// 2. AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY - standard IAM keys
// 3. AWS_BEARER_TOKEN_BEDROCK - Bedrock API keys (bearer token)
// 4. AWS_CONTAINER_CREDENTIALS_RELATIVE_URI - ECS task roles
// 5. AWS_CONTAINER_CREDENTIALS_FULL_URI - ECS task roles (full URI)
// 6. AWS_WEB_IDENTITY_TOKEN_FILE - IRSA (IAM Roles for Service Accounts)
if (
process.env.AWS_PROFILE ||
(process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) ||
process.env.AWS_BEARER_TOKEN_BEDROCK
process.env.AWS_BEARER_TOKEN_BEDROCK ||
process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ||
process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI ||
process.env.AWS_WEB_IDENTITY_TOKEN_FILE
) {
return "<authenticated>";
}