diff --git a/javascript/ql/lib/ext/aws-sdk.model.yml b/javascript/ql/lib/ext/aws-sdk.model.yml
new file mode 100644
index 000000000000..eefa87fbe613
--- /dev/null
+++ b/javascript/ql/lib/ext/aws-sdk.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sinkModel
+    data:
+    - ["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"]
+    - ["aws-sdk", "AnyMember.Member[secretAccessKey,accessKeyId]", "credentials-key"]
+    - ["aws-sdk", "Member[Credentials].Argument[0,1]", "credentials-key"]
diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
index d2da5f21b3cd..22311127d548 100644
--- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
@@ -9,7 +9,7 @@
 | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | password |
 | HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:41:38:41:47 | 'username' | user name |
 | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | password |
-| HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:42:35:42:44 | 'username' | user name |
+| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | key |
 | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | password |
 | HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:44:34:44:43 | 'username' | user name |
 | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | password |
@@ -75,6 +75,99 @@
 | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:385:31:385:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:385:31:385:39 | secretKey | jwt key |
 | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:399:17:399:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:399:17:399:25 | secretKey | jwt key |
 | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:416:27:416:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:416:27:416:35 | secretKey | jwt key |
+| HardcodedCredentials.js:423:43:423:53 | "AccessID1" | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | key |
+| HardcodedCredentials.js:424:49:424:59 | "AccessID1" | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | key |
+| HardcodedCredentials.js:425:43:425:53 | "AccessID1" | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | key |
+| HardcodedCredentials.js:426:43:426:53 | "AccessID1" | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | key |
+| HardcodedCredentials.js:427:47:427:57 | "AccessID1" | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | key |
+| HardcodedCredentials.js:428:69:428:79 | "AccessID1" | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | key |
+| HardcodedCredentials.js:429:55:429:65 | "AccessID1" | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | key |
+| HardcodedCredentials.js:430:55:430:65 | "AccessID1" | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | key |
+| HardcodedCredentials.js:431:41:431:51 | "AccessID1" | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | key |
+| HardcodedCredentials.js:432:43:432:53 | "AccessID1" | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | key |
+| HardcodedCredentials.js:433:51:433:61 | "AccessID1" | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | key |
+| HardcodedCredentials.js:434:55:434:65 | "AccessID1" | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | key |
+| HardcodedCredentials.js:435:65:435:75 | "AccessID1" | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | key |
+| HardcodedCredentials.js:436:49:436:59 | "AccessID1" | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | key |
+| HardcodedCredentials.js:437:53:437:63 | "AccessID1" | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | key |
+| HardcodedCredentials.js:438:67:438:77 | "AccessID1" | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | key |
+| HardcodedCredentials.js:439:43:439:53 | "AccessID1" | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | key |
+| HardcodedCredentials.js:440:53:440:63 | "AccessID1" | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | key |
+| HardcodedCredentials.js:441:59:441:69 | "AccessID1" | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | key |
+| HardcodedCredentials.js:442:51:442:61 | "AccessID1" | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | key |
+| HardcodedCredentials.js:443:45:443:55 | "AccessID1" | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | key |
+| HardcodedCredentials.js:444:49:444:59 | "AccessID1" | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | key |
+| HardcodedCredentials.js:445:51:445:61 | "AccessID1" | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | key |
+| HardcodedCredentials.js:446:57:446:67 | "AccessID1" | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | key |
+| HardcodedCredentials.js:447:57:447:67 | "AccessID1" | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | key |
+| HardcodedCredentials.js:448:61:448:71 | "AccessID1" | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | key |
+| HardcodedCredentials.js:449:63:449:73 | "AccessID1" | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | key |
+| HardcodedCredentials.js:450:71:450:81 | "AccessID1" | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | key |
+| HardcodedCredentials.js:451:57:451:67 | "AccessID1" | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | key |
+| HardcodedCredentials.js:452:65:452:75 | "AccessID1" | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | key |
+| HardcodedCredentials.js:453:57:453:67 | "AccessID1" | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | key |
+| HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | key |
+| HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | user name |
+| HardcodedCredentials.js:455:63:455:73 | "AccessID1" | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | key |
+| HardcodedCredentials.js:456:65:456:75 | "AccessID1" | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | key |
+| HardcodedCredentials.js:457:43:457:53 | "AccessID1" | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | key |
+| HardcodedCredentials.js:458:65:458:75 | "AccessID1" | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | key |
+| HardcodedCredentials.js:459:43:459:53 | "AccessID1" | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | key |
+| HardcodedCredentials.js:460:67:460:77 | "AccessID1" | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | key |
+| HardcodedCredentials.js:461:97:461:107 | "AccessID1" | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | key |
+| HardcodedCredentials.js:462:55:462:65 | "AccessID1" | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | key |
+| HardcodedCredentials.js:463:55:463:65 | "AccessID1" | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | key |
+| HardcodedCredentials.js:464:43:464:53 | "AccessID1" | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | key |
+| HardcodedCredentials.js:465:65:465:75 | "AccessID1" | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | key |
+| HardcodedCredentials.js:466:59:466:69 | "AccessID1" | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | key |
+| HardcodedCredentials.js:467:43:467:53 | "AccessID1" | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | key |
+| HardcodedCredentials.js:468:43:468:53 | "AccessID1" | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | key |
+| HardcodedCredentials.js:469:59:469:69 | "AccessID1" | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | key |
+| HardcodedCredentials.js:470:55:470:65 | "AccessID1" | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | key |
+| HardcodedCredentials.js:471:59:471:69 | "AccessID1" | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | key |
+| HardcodedCredentials.js:472:57:472:67 | "AccessID1" | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | key |
+| HardcodedCredentials.js:473:53:473:63 | "AccessID1" | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | key |
+| HardcodedCredentials.js:474:55:474:65 | "AccessID1" | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | key |
+| HardcodedCredentials.js:475:47:475:57 | "AccessID1" | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | key |
+| HardcodedCredentials.js:476:83:476:93 | "AccessID1" | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | key |
+| HardcodedCredentials.js:477:67:477:77 | "AccessID1" | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | key |
+| HardcodedCredentials.js:478:59:478:69 | "AccessID1" | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | key |
+| HardcodedCredentials.js:479:43:479:53 | "AccessID1" | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | key |
+| HardcodedCredentials.js:480:51:480:61 | "AccessID1" | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | key |
+| HardcodedCredentials.js:481:69:481:79 | "AccessID1" | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | key |
+| HardcodedCredentials.js:482:61:482:71 | "AccessID1" | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | key |
+| HardcodedCredentials.js:483:57:483:67 | "AccessID1" | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | key |
+| HardcodedCredentials.js:484:61:484:71 | "AccessID1" | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | key |
+| HardcodedCredentials.js:485:45:485:55 | "AccessID1" | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | key |
+| HardcodedCredentials.js:486:63:486:73 | "AccessID1" | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | key |
+| HardcodedCredentials.js:487:43:487:53 | "AccessID1" | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | key |
+| HardcodedCredentials.js:488:43:488:53 | "AccessID1" | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | key |
+| HardcodedCredentials.js:489:43:489:53 | "AccessID1" | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | key |
+| HardcodedCredentials.js:490:53:490:63 | "AccessID1" | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | key |
+| HardcodedCredentials.js:491:47:491:57 | "AccessID1" | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | key |
+| HardcodedCredentials.js:492:51:492:61 | "AccessID1" | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | key |
+| HardcodedCredentials.js:493:51:493:61 | "AccessID1" | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | key |
+| HardcodedCredentials.js:494:51:494:61 | "AccessID1" | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | key |
+| HardcodedCredentials.js:495:57:495:67 | "AccessID1" | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | key |
+| HardcodedCredentials.js:496:61:496:71 | "AccessID1" | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | key |
+| HardcodedCredentials.js:497:55:497:65 | "AccessID1" | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | key |
+| HardcodedCredentials.js:498:83:498:93 | "AccessID1" | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | key |
+| HardcodedCredentials.js:499:59:499:69 | "AccessID1" | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | key |
+| HardcodedCredentials.js:500:61:500:71 | "AccessID1" | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | key |
+| HardcodedCredentials.js:501:55:501:65 | "AccessID1" | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | key |
+| HardcodedCredentials.js:502:61:502:71 | "AccessID1" | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | key |
+| HardcodedCredentials.js:503:57:503:67 | "AccessID1" | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | key |
+| HardcodedCredentials.js:504:71:504:81 | "AccessID1" | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | key |
+| HardcodedCredentials.js:505:59:505:69 | "AccessID1" | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | key |
+| HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | key |
+| HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | key |
+| HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | key |
+| HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | key |
+| HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | key |
+| HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | key |
+| HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | key |
+| HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | user name |
+| HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | password |
 | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | user name |
 | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | password |
 edges
@@ -297,6 +390,184 @@ nodes
 | HardcodedCredentials.js:414:9:414:43 | secretKey | semmle.label | secretKey |
 | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
 | HardcodedCredentials.js:416:27:416:35 | secretKey | semmle.label | secretKey |
+| HardcodedCredentials.js:423:43:423:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:423:73:423:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:424:49:424:59 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:424:79:424:95 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:425:43:425:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:425:73:425:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:426:43:426:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:426:73:426:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:427:47:427:57 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:427:77:427:93 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:428:69:428:79 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:428:99:428:115 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:429:55:429:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:429:85:429:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:430:55:430:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:430:85:430:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:431:41:431:51 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:431:71:431:87 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:432:43:432:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:432:73:432:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:433:51:433:61 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:433:81:433:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:434:55:434:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:434:85:434:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:435:65:435:75 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:435:95:435:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:436:49:436:59 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:436:79:436:95 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:437:53:437:63 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:437:83:437:99 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:438:67:438:77 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:438:97:438:113 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:439:43:439:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:439:73:439:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:440:53:440:63 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:440:83:440:99 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:441:59:441:69 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:441:89:441:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:442:51:442:61 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:442:81:442:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:443:45:443:55 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:443:75:443:91 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:444:49:444:59 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:444:79:444:95 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:445:51:445:61 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:445:81:445:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:446:57:446:67 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:446:87:446:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:447:57:447:67 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:447:87:447:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:448:61:448:71 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:448:91:448:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:449:63:449:73 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:449:93:449:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:450:71:450:81 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:450:101:450:117 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:451:57:451:67 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:451:87:451:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:452:65:452:75 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:452:95:452:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:453:57:453:67 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:453:87:453:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:454:49:454:59 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:454:79:454:95 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:455:63:455:73 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:455:93:455:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:456:65:456:75 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:456:95:456:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:457:43:457:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:457:73:457:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:458:65:458:75 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:458:95:458:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:459:43:459:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:459:73:459:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:460:67:460:77 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:460:97:460:113 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:461:97:461:107 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:461:127:461:143 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:462:55:462:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:462:85:462:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:463:55:463:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:463:85:463:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:464:43:464:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:464:73:464:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:465:65:465:75 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:465:95:465:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:466:59:466:69 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:466:89:466:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:467:43:467:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:467:73:467:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:468:43:468:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:468:73:468:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:469:59:469:69 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:469:89:469:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:470:55:470:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:470:85:470:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:471:59:471:69 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:471:89:471:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:472:57:472:67 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:472:87:472:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:473:53:473:63 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:473:83:473:99 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:474:55:474:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:474:85:474:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:475:47:475:57 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:475:77:475:93 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:476:83:476:93 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:476:113:476:129 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:477:67:477:77 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:477:97:477:113 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:478:59:478:69 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:478:89:478:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:479:43:479:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:479:73:479:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:480:51:480:61 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:480:81:480:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:481:69:481:79 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:481:99:481:115 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:482:61:482:71 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:482:91:482:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:483:57:483:67 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:483:87:483:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:484:61:484:71 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:484:91:484:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:485:45:485:55 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:485:75:485:91 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:486:63:486:73 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:486:93:486:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:487:43:487:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:487:73:487:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:488:43:488:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:488:73:488:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:489:43:489:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:489:73:489:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:490:53:490:63 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:490:83:490:99 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:491:47:491:57 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:491:77:491:93 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:492:51:492:61 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:492:81:492:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:493:51:493:61 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:493:81:493:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:494:51:494:61 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:494:81:494:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:495:57:495:67 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:495:87:495:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:496:61:496:71 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:496:91:496:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:497:55:497:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:497:85:497:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:498:83:498:93 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:498:113:498:129 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:499:59:499:69 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:499:89:499:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:500:61:500:71 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:500:91:500:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:501:55:501:65 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:501:85:501:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:502:61:502:71 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:502:91:502:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:503:57:503:67 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:503:87:503:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:504:71:504:81 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:504:101:504:117 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:505:59:505:69 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:505:89:505:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:506:41:506:51 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:506:71:506:87 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:507:43:507:53 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:507:73:507:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:508:63:508:73 | "AccessID1" | semmle.label | "AccessID1" |
+| HardcodedCredentials.js:508:93:508:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
+| HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" |
+| HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | semmle.label | "hgfedcba" |
+| HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" |
+| HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | semmle.label | "hgfedcba" |
+| HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" |
+| HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | semmle.label | "hgfedcba" |
 | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' |
 | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | semmle.label | 'hgfedcba' |
 subpaths
diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js
index 9bd7b68bfbaf..7d102a4ee3dd 100644
--- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js
+++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js
@@ -415,3 +415,109 @@
 
     app.use(jwt({ secret: secretKey })); // $ Sink
 })();
+
+
+(function(usr, passwd) {
+    const AWS = require("aws-sdk");
+
+    const ec2 = new AWS.EC2({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const lambda = new AWS.Lambda({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const ecs = new AWS.ECS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const eks = new AWS.EKS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const batch = new AWS.Batch({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const elasticbeanstalk = new AWS.ElasticBeanstalk({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const lightsail = new AWS.Lightsail({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const apprunner = new AWS.AppRunner({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const s3 = new AWS.S3({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const efs = new AWS.EFS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const glacier = new AWS.Glacier({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const s3control = new AWS.S3Control({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const storagegateway = new AWS.StorageGateway({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const backup = new AWS.Backup({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const dynamodb = new AWS.DynamoDB({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const dynamodbstreams = new AWS.DynamoDBStreams({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const rds = new AWS.RDS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const redshift = new AWS.Redshift({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const elasticache = new AWS.ElastiCache({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const neptune = new AWS.Neptune({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const qldb = new AWS.QLDB({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const athena = new AWS.Athena({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const route53 = new AWS.Route53({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const cloudfront = new AWS.CloudFront({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const apigateway = new AWS.APIGateway({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const apigatewayv2 = new AWS.ApiGatewayV2({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const directconnect = new AWS.DirectConnect({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const globalaccelerator = new AWS.GlobalAccelerator({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const cloudwatch = new AWS.CloudWatch({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const cloudformation = new AWS.CloudFormation({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const cloudtrail = new AWS.CloudTrail({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const config = new AWS.Config({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const organizations = new AWS.Organizations({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const servicecatalog = new AWS.ServiceCatalog({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const ssm = new AWS.SSM({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const resourcegroups = new AWS.ResourceGroups({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const iam = new AWS.IAM({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const cognitoidentity = new AWS.CognitoIdentity({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const guardduty = new AWS.GuardDuty({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const inspector = new AWS.Inspector({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const kms = new AWS.KMS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const secretsmanager = new AWS.SecretsManager({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const securityhub = new AWS.SecurityHub({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const sts = new AWS.STS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const waf = new AWS.WAF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const wafregional = new AWS.WAFRegional({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const sagemaker = new AWS.SageMaker({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const rekognition = new AWS.Rekognition({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const comprehend = new AWS.Comprehend({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const textract = new AWS.Textract({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const translate = new AWS.Translate({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const polly = new AWS.Polly({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const lexmodelbuildingservice = new AWS.LexModelBuildingService({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const machinelearning = new AWS.MachineLearning({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const personalize = new AWS.Personalize({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const emr = new AWS.EMR({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const kinesis = new AWS.Kinesis({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const kinesisanalytics = new AWS.KinesisAnalytics({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const kinesisvideo = new AWS.KinesisVideo({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const quicksight = new AWS.QuickSight({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const datapipeline = new AWS.DataPipeline({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const glue = new AWS.Glue({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const lakeformation = new AWS.LakeFormation({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const sns = new AWS.SNS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const sqs = new AWS.SQS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const ses = new AWS.SES({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const pinpoint = new AWS.Pinpoint({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const chime = new AWS.Chime({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const connect = new AWS.Connect({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const amplify = new AWS.Amplify({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const appsync = new AWS.AppSync({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const devicefarm = new AWS.DeviceFarm({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const iotanalytics = new AWS.IoTAnalytics({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const iotevents = new AWS.IoTEvents({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const iot1clickdevicesservice = new AWS.IoT1ClickDevicesService({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const iotsitewise = new AWS.IoTSiteWise({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const mediaconvert = new AWS.MediaConvert({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const medialive = new AWS.MediaLive({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const mediapackage = new AWS.MediaPackage({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const mediastore = new AWS.MediaStore({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const elastictranscoder = new AWS.ElasticTranscoder({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const eventbridge = new AWS.EventBridge({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const mq = new AWS.MQ({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const swf = new AWS.SWF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+    const stepfunctions = new AWS.StepFunctions({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
+
+    AWS.config.accessKeyId = "SOMEACCESSKEY"; // $ Alert
+    AWS.config.secretAccessKey = "hgfedcba"; // $ Alert
+    
+    const creds = new AWS.Credentials(
+        "SOMEACCESSKEY", // $ Alert
+        "hgfedcba" // $ Alert
+    ); 
+    AWS.config.setCredentials(creds); 
+    
+    AWS.config.update({
+      accessKeyId: "SOMEACCESSKEY", // $ Alert
+      secretAccessKey: "hgfedcba" // $ Alert
+    });
+})();