如何在dynamodb(aws-sdk javascript)中使用假定角色凭证?

我已经在.aws/credetials文件中拥有了aws承担角色凭据。 如何使用它来创建sts或dynamodb,比如:

const { DynamoDB } = require('aws-sdk');
const { DocumentClient } = DynamoDB;

 const dynamo = new DynamoDB({
 endpoint: process.env.AWS_ENDPOINT,
 region: process.env.AWS_REGION,
 accessKeyId: process.env.AWS_ACCESS_KEY_ID,
 secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
 secretToken: process.env.aws_security_token
 });

我是说我犯了个错误:

root@myubuntu:~/work/contacts_api# node ./seed/runner.js

` `

检查“contacts”表是否存在 {无法识别的客户端异常:请求中包含的安全令牌无效。 应请求.extracterror(/root/work/contacts_api/node_modules/aws sdk/lib/protocol/json.js:51:27) 应请求调用侦听器(/root/work/contacts_api/node_modules/aws sdk/lib/sequential_executor.js:106:20) 应请求发出(/root/work/contacts\u api/node\u modules/aws sdk/lib/sequential\u executor.js:78:10) 应请求.emit(/root/work/contacts_api/node_modules/aws sdk/lib/request.js:683:14) 应请求转换(/root/work/contacts_api/node_modules/aws sdk/lib/request.js:22:10) 在acceptorstatemachine.runto(/root/work/contacts\u api/node\u modules/aws sdk/lib/state\u machine.js:14:12) at/root/work/contacts_api/node_modules/aws sdk/lib/state_machine.js:26:10 应请求。(/root/work/contacts_-api/node_-modules/aws-sdk/lib/request.js:38:9) 应请求。(/root/work/contacts\u api/node\u模块/aws sdk/lib/request.js:685:12) 应请求.calllisteners(/root/work/contacts_api/node_modules/aws sdk/lib/sequential_executor.js:116:18) 消息:“请求中包含的安全令牌无效。”, code:'无法识别的客户端异常', 时间:2019-01-07t05:39:54.907Z, 请求ID:'a5cfv62p0tghjh7vdibsl0jrc3vv4kqnso5aemvjf66q9asuaajg', 状态码:400, 可重试:错误, retrydelay:5.013458338738063}

` `

如果我想使用mfa证书,我想知道初始证书的正确方法。