When building Cypress automation that interacts with AWS services, the first step is verifying that your test framework can successfully authenticate and communicate with your AWS account.
In this article, you'll learn how to connect Cypress to AWS and perform a simple authentication test using AWS Security Token Service (STS) and the GetCallerIdentity API.
This approach helps confirm that:
- AWS credentials are correctly configured.
- Cypress can invoke AWS SDK operations through Node.js tasks.
- The automation environment is connected to the expected AWS account.
Establishing this connection first provides a solid foundation before automating interactions with services such as AWS Lambda, Amazon S3, Amazon DynamoDB, Amazon SNS, or Amazon SQS.
Prerequisites
Before getting started, ensure you have:
- Node.js installed
- A Cypress project
- Valid AWS credentials:
- AWS Access Key ID
- AWS Secret Access Key
- AWS Session Token (if using temporary credentials)
- AWS Region
Note:If you're running Cypress in an AWS environment (such as AWS CodeBuild, an EC2 instance with an IAM role, or GitHub Actions using OpenID Connect), you may not need to provide credentials manually. The AWS SDK can automatically retrieve credentials from the execution environment.
Step 1: Install the AWS SDK
Install the AWS STS client package:
npm install @aws-sdk/client-sts
For this connectivity test, we only need the AWS Security Token Service (STS) client.
The package provides:
-
STSClient– Creates a client for communicating with AWS STS. -
GetCallerIdentityCommand– Returns details about the authenticated AWS identity associated with the configured credentials.
Step 2: Configure AWS Credentials
For local development, create or update your cypress.env.json file.
{
"AWS_ACCESS_KEY_ID": "",
"AWS_SECRET_ACCESS_KEY": "",
"AWS_SESSION_TOKEN": "",
"AWS_REGION": ""
}
Populate the file with your AWS credentials.
Example:
{
"AWS_ACCESS_KEY_ID": "your-access-key",
"AWS_SECRET_ACCESS_KEY": "your-secret-key",
"AWS_SESSION_TOKEN": "your-session-token",
"AWS_REGION": "us-east-1"
}
Important: Never commit
cypress.env.jsoncontaining real AWS credentials to source control. Add it to your.gitignorefile.Best Practice: For CI/CD pipelines, prefer environment variables, IAM roles, or OpenID Connect (OIDC) instead of storing credentials in a file.
Step 3: Configure Cypress to Use AWS Credentials
Update your cypress.config.ts.
First, import the required AWS SDK classes.
import { defineConfig } from "cypress";
import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
Inside setupNodeEvents, map the Cypress environment variables to Node.js environment variables.
setupNodeEvents(on, config) {
const awsKeys = [
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
"AWS_SESSION_TOKEN",
"AWS_REGION",
] as const;
for (const key of awsKeys) {
if (config.env[key]) {
process.env[key] = config.env[key];
}
}
}
Cypress stores environment variables in config.env, while the AWS SDK automatically reads credentials from the standard Node.js environment (process.env).
By copying the values into process.env, the AWS SDK can authenticate automatically without requiring any additional credential configuration.
The AWS SDK follows the AWS Credential Provider Chain, and environment variables are one of the first credential sources it checks.
Step 4: Create an AWS Connection Task
Create a Cypress task that authenticates with AWS using STS.
on("task", {
async awsConnectionTest() {
try {
const client = new STSClient({
region: process.env.AWS_REGION || "us-east-1",
});
const response = await client.send(
new GetCallerIdentityCommand({})
);
return {
Account: response.Account,
Arn: response.Arn,
UserId: response.UserId,
};
} catch (error) {
throw new Error(`AWS authentication failed: ${error}`);
}
},
});
Why use a Cypress task?
AWS SDK calls must run in Cypress tasks because tasks execute in the Node.js process.
Cypress test code runs in the browser context, where direct access to Node.js APIs is not available. Using cy.task() allows your tests to securely execute backend operations such as invoking AWS services.
What happens during this task?
- Cypress calls the
awsConnectionTesttask. - The AWS SDK creates an STS client using the configured region.
- The SDK automatically resolves credentials from the environment.
- AWS validates the credentials.
- STS returns details about the authenticated IAM user or role.
A successful response looks like this:
{
"Account": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/test-user",
"UserId": "AIDAxxxxxxxx"
}
Step 5: Create a Cypress Test
Create a new test file.
testing/awsConnection.cy.ts
Add the following test:
describe("AWS connection", () => {
it("connects to AWS using STS GetCallerIdentity", () => {
cy.task("awsConnectionTest").then((identity) => {
cy.log(JSON.stringify(identity));
expect(identity).to.have.property("Account");
expect(identity).to.have.property("Arn");
expect(identity).to.have.property("UserId");
});
});
});
Step 6: Run the Cypress Test
Execute either of the following commands:
npx cypress open
or
npx cypress run
If authentication is successful, Cypress logs the authenticated AWS identity, including:
- AWS Account ID
- IAM User or Role ARN
- User ID
This confirms that Cypress can successfully authenticate with your AWS account.
Why Start with GetCallerIdentity?
Before interacting with AWS services such as:
- AWS Lambda
- Amazon S3
- Amazon DynamoDB
- Amazon SNS
- Amazon SQS
it's recommended to verify that authentication is working correctly.
GetCallerIdentity is ideal because it:
- Confirms that authentication is successful.
- Identifies the AWS account and IAM identity being used.
- Helps diagnose credential-related issues early.
- Does not require permissions beyond the ability to authenticate.
Conclusion
Successfully calling GetCallerIdentity confirms that Cypress can authenticate with AWS using the configured credentials.
In this article, you learned how to:
- Install the AWS STS SDK.
- Configure AWS credentials for local development.
- Map Cypress environment variables to the Node.js environment.
- Create a Cypress task that authenticates with AWS.
- Validate the connection using
GetCallerIdentity.
Once this authentication step is working, you can extend the same approach to automate testing against other AWS services such as Lambda functions, S3 buckets, DynamoDB tables, SNS topics, SQS queues, and many more.
Top comments (0)