2.0.0-beta.53 - AWS Auth & Config Props
AWS authentication now runs through Alchemy’s own auth-provider
system. alchemy login manages AWS credentials the same way it
manages Cloudflare’s — one profile (selected by ALCHEMY_PROFILE),
one interactive setup, no AWS_PROFILE / AWS_ACCOUNT_ID env
plumbing in your shell. And effect/Config, which beta.45 made the
way to read config inside a Worker, now works in any resource input
prop too.
AWS auth through alchemy login
Section titled “AWS auth through alchemy login”Setting up AWS is now the same flow as every other provider:
alchemy login --configure
# AWS authentication method# ● SSO — aws sso login, credentials loaded from AWS SSO cache# ○ Environment Variables — AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY# ○ Stored — stored in ~/.alchemy/credentialsYour AWS account ID is captured automatically via
STS.GetCallerIdentity and saved on the profile — the Stored method
detects it from the keys you paste, and the Environment Variables
method falls back to STS when AWS_ACCOUNT_ID isn’t exported
(#574).
Auth providers are also evaluated lazily now (#567). Credentials resolve the first time a resource actually needs them — a stack that touches no AWS resources never prompts for AWS auth. Inside lifecycle operations, the environment is read through the new accessor:
reconcile: Effect.fn(function* ({ id, news }) { const { accountId, region } = yield* AWSEnvironment; const { accountId, region } = yield* AWSEnvironment.current; // ...}),Rounding it out, alchemy login always refreshes credentials instead
of short-circuiting on a non-expired cache
(#575), and
--configure no longer runs a redundant login pass after the
interactive setup completes.
effect/Config in any input prop
Section titled “effect/Config in any input prop”beta.45 made effect/Config the way to
read secrets and variables inside a Worker’s init. beta.53 completes
the picture: Config values are resolved in resource input props
— at the top level or nested anywhere inside objects and arrays
(#566).
export default class EffectWorker extends Cloudflare.Worker<EffectWorker>()( "EffectWorker", { main: import.meta.filename, dev: { port: Config.number("PORT").pipe(Config.withDefault(1338)), }, }, Effect.gen(function* () { /* ... */ }),) {}The plan resolves each Config against the deploy environment’s
ConfigProvider, so the concrete value flows into diffing and
hashing — an opaque Config would otherwise hash the same no matter
what it evaluates to. Config.redacted resolves to a Redacted that
stays wrapped end to end, preserving the secrecy boundary. See
Concepts › Secrets and Config.
alchemy dev fixes
Section titled “alchemy dev fixes”Two dev-server fixes land via @distilled.cloud/cloudflare-runtime
bumps (0.10.5 → 0.10.11): a race condition when a stack runs more
than one Workflow in alchemy dev
(#573), and
incorrect Vite handling of require() of Node built-ins in Worker
code (#556).
Also in this release
Section titled “Also in this release”- R2 custom-domain updates ride out
NoSuchBucketduring R2’s endpoint eventual-consistency window — including when a create loses a race and the winning bucket isn’t readable yet (448ba756). - Narrowed S3 bucket tag-fetch requirements to
Credentials | HttpClient | Region. Thanks Kilian Cirera Sant (#555). - Fixed Worker static-assets bundling by switching to a named
import of
@alchemy.run/node-utils/ignore(#572). - Added a missing permission to Tutorial Part 5. Thanks David J. Felix (#560).