PR Custody

PRPR Custody

Support AWS OIDC credentials with static fallback

@acsrujanchecks n/achecks…aws-oidc-iam-fallback → master20 files · +1390 −1284review: @abir-taheerupdated 5d ago

GitHub

▸Description · 1 noise

Summary

Add shared AWS credential support for Vercel OIDC + IAM roles with backward-compatible fallback to existing static credentials and SDK default credential behavior.
Upgrade Apollo direct aws-sdk v2 usage to AWS SDK v3 for S3/R2 object storage and presigned URLs.
Wire Apollo Bedrock credentials to OIDC/static fallback.
Wire Thermos AWS utils to support static keys, Vercel OIDC web identity role assumption, or the AWS SDK default chain.
Add passwordless RDS IAM auth support for Prisma in @composio/db.

Why

This moves AWS-facing code toward passwordless deployment on Vercel:

Vercel OIDC provides the web identity token.
AWS STS assumes the configured IAM role.
AWS services use temporary role credentials.
Existing deployments using static env secrets continue to work.

The PR intentionally keeps fallback behavior so existing environments do not need to migrate all secrets in one deploy.

AWS Services Covered

S3 object storage in Apollo.
Cloudflare R2 S3-compatible temporary storage in Apollo, migrated to AWS SDK v3 while retaining R2 key-based auth.
Bedrock embeddings/reranking credential selection in Apollo.
Thermos AWS S3/Lambda utilities.
RDS/Postgres through Prisma via RDS IAM auth token generation.

AWS SDK v3 Upgrade

Replaces Apollo aws-sdk v2 S3 client usage with:
- @aws-sdk/client-s3
- @aws-sdk/s3-request-presigner
Removes Apollo's direct aws-sdk dependency.
Updates S3/R2 tests and E2E setup helpers from v2 .promise() and getSignedUrlPromise to v3 commands and getSignedUrl.
Keeps Thermos on Go AWS SDK v2, which it already used.

Credential Resolution

Apollo Shared AWS Helper

Adds apps/apollo/src/common/lib/external/aws_credentials.ts.

Behavior:

If a role ARN and Vercel OIDC context are present, use Vercel OIDC role credentials.
If OIDC credential resolution fails and static fallback credentials are configured, return the static credentials.
If no OIDC role is configured, existing static credentials/default SDK behavior remain available.

Relevant envs:

AWS_ROLE_ARN
AWS_REGION
VERCEL
VERCEL_OIDC_TOKEN
VERCEL_DEPLOYMENT_ID

S3 Object Storage

S3 now uses AWS SDK v3 S3Client.

Credential behavior:

Prefer S3_AWS_ROLE_ARN when set.
Otherwise use AWS_ROLE_ARN only for AWS S3 endpoints.
Fall back to S3_ACCESS_KEY_ID + S3_SECRET_ACCESS_KEY.
Preserve SDK default credential chain when no explicit credentials are provided.

Relevant envs:

S3_AWS_ROLE_ARN
AWS_ROLE_ARN
S3_ACCESS_KEY_ID
S3_SECRET_ACCESS_KEY
S3_ENDPOINT_URL
S3_REGION
S3_FORCE_PATH_STYLE

Bedrock

Bedrock provider creation now supports:

AWS_BEDROCK_ROLE_ARN
fallback AWS_ROLE_ARN
fallback AWS_BEDROCK_ACCESS_KEY_ID + AWS_BEDROCK_SECRET_ACCESS_KEY

Reranker availability checks now consider role-based Bedrock configuration.

Thermos

Thermos AWS utils now support:

static AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY
OIDC web identity role assumption with AWS_ROLE_ARN and VERCEL_OIDC_TOKEN
SDK default chain when neither is provided

Static keys still take precedence to avoid changing existing deployments.

Relevant envs:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_ROLE_ARN
AWS_ROLE_SESSION_NAME
VERCEL_OIDC_TOKEN

RDS IAM Auth / Prisma

Adds passwordless RDS IAM auth in @composio/db.

Existing behavior remains:

If DATABASE_IAM_AUTH is not true, Prisma uses DATABASE_URL exactly as before.
Static password deployments are not broken.

Passwordless behavior:

Set DATABASE_IAM_AUTH=true.
Provide either a passwordless DATABASE_URL or discrete IAM DB env vars.
The DB package generates an RDS IAM auth token using AWS SDK v3 @aws-sdk/rds-signer.
That token is injected as the password in the Prisma datasource URL.
The resulting URL points at the RDS Proxy host, so RDS Proxy continues to handle pooling.

Example passwordless URL:

DATABASE_IAM_AUTH=true
DATABASE_URL='postgresql://db_user@rds-proxy-host:5432/db_name?schema=public&sslmode=require'
AWS_REGION='us-east-1'
AWS_ROLE_ARN='arn:aws:iam::<account-id>:role/<vercel-oidc-role>'

Equivalent discrete configuration:

DATABASE_IAM_AUTH=true
DATABASE_IAM_HOST='rds-proxy-host'
DATABASE_IAM_PORT='5432'
DATABASE_IAM_DATABASE='db_name'
DATABASE_IAM_USER='db_user'
DATABASE_IAM_REGION='us-east-1'
DATABASE_IAM_ROLE_ARN='arn:aws:iam::<account-id>:role/<vercel-oidc-role>'
DATABASE_IAM_SCHEMA='public'
DATABASE_IAM_SSL_MODE='require'

Read replica / read proxy support:

DATABASE_READ_URL can be passwordless when DATABASE_READ_IAM_AUTH=true.
DATABASE_READ_IAM_* values override primary DATABASE_IAM_* values.
If DATABASE_READ_URL is absent and DATABASE_IAM_AUTH=true, read Prisma inherits the primary IAM DB settings.

Read envs:

DATABASE_READ_URL
DATABASE_READ_IAM_AUTH
DATABASE_READ_IAM_HOST
DATABASE_READ_IAM_PORT
DATABASE_READ_IAM_DATABASE
DATABASE_READ_IAM_USER
DATABASE_READ_IAM_REGION
DATABASE_READ_IAM_ROLE_ARN
DATABASE_READ_IAM_ROLE_SESSION_NAME
DATABASE_READ_IAM_SCHEMA
DATABASE_READ_IAM_SSL_MODE

Prisma Initialization Detail

Prisma client construction was synchronous before this PR, but RDS IAM token generation is async.

To keep existing call sites unchanged, this PR adds a lazy Prisma client wrapper:

Existing exports remain prisma and readPrismaClient.
Existing prisma.model.method(...) call sites continue to work.
$use and $on registrations are queued before initialization and applied to the real client.
The real Prisma client is created on first operation after the IAM URL is resolved.

This avoids top-level await because @composio/db still bundles to CJS.

Backward Compatibility

Existing static DATABASE_URL deployments continue working.
Existing S3 static key deployments continue working.
Existing Bedrock static key deployments continue working.
Thermos static AWS keys still take precedence.
No caller needs to change imports for prisma, readPrismaClient, or Apollo object storage.

Deployment Notes

For full passwordless AWS operation on Vercel:

Enable Vercel OIDC.
Configure an AWS IAM OIDC provider/trust policy for Vercel.
Set AWS_ROLE_ARN or the service-specific role ARN envs.
Grant the role permissions for the relevant services:
- S3 bucket access
- Bedrock runtime access
- Thermos S3/Lambda access
- rds-db:connect for the DB user/resource ID used by RDS Proxy/RDS IAM auth
For RDS IAM auth, the Postgres user and RDS/RDS Proxy IAM auth settings must already be configured.

Validation

pnpm --dir apps/apollo exec oxlint <changed Apollo files>
pnpm --dir apps/apollo exec oxlint src/env.ts
pnpm --dir packages/db bundle
pnpm --dir packages/db test
env GOCACHE=/private/tmp/hermes-aws-oidc-go-cache go test ./lib/awsutils
Commit hook ran Apollo oxlint/oxfmt.
Initial commit hook also ran Thermos build:openapi.

Known Local Blockers

Targeted Apollo Vitest startup is blocked locally by missing Doppler/env secrets before tests collect.
pnpm --dir apps/apollo check-types still fails on existing generated/Prisma/type issues outside the touched AWS files.
After the local SDK credential type fix, a filtered type-check run reported no touched-file AWS/S3 errors.

▸ 1 bot/status comment hidden

@socket-security[bot]5d ago

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

View full report

loading diff…