// NewKinesisBufferFlusher returns a KinesisBufferFlusher configured with // the stream name and partition key. func NewKinesisBufferFlusher(name, partitionKey string) *KinesisBufferFlusher { sess := session.New() // Are we assuming a role? roleARN := conf.GetString("role-arn") if roleARN != "" { sess.Config.Credentials = stscreds.NewCredentials(sess, roleARN, func(o *stscreds.AssumeRoleProvider) { rsn := conf.GetString("role-session-name") if rsn != "" { o.RoleSessionName = rsn } }) } region := conf.GetString("region") if region != "" { sess.Config.Region = aws.String(region) } return &KinesisBufferFlusher{ Name: aws.String(name), PartitionKey: partitionKey, kinesis: kinesis.New(sess), } }
// mergeConfigSrcs folds the user, environment and shared-file settings into
// cfg, filling in region and credentials only where they are still unset.
//
// Region precedence: the user config, then envCfg.Region, then
// sharedCfg.Region (the last only when envCfg.EnableSharedConfig is set).
//
// Credentials are chosen only when cfg still holds
// credentials.AnonymousCredentials and userCfg supplied none. The order is:
//
//  1. static keys from the environment (envCfg.Creds);
//  2. the role described by the shared config, assumed with the static keys
//     of sharedCfg.AssumeRoleSource (requires EnableSharedConfig);
//  3. static keys from the shared config (sharedCfg.Creds);
//  4. a provider chain that ends in the remote credential provider.
//
// Because step 1 is tested before step 2, access keys present in the
// environment take priority over a role configured in the shared file.
func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers) {
	// User-supplied values are merged first so the checks below see them.
	cfg.MergeIn(userCfg)

	// Region: only filled in when still empty after the merge.
	if aws.StringValue(cfg.Region) == "" {
		switch {
		case len(envCfg.Region) > 0:
			cfg.WithRegion(envCfg.Region)
		case envCfg.EnableSharedConfig && len(sharedCfg.Region) > 0:
			cfg.WithRegion(sharedCfg.Region)
		}
	}

	// Credentials: leave anything that has already been set.
	if cfg.Credentials != credentials.AnonymousCredentials || userCfg.Credentials != nil {
		return
	}

	switch {
	case len(envCfg.Creds.AccessKeyID) > 0:
		cfg.Credentials = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)

	case envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil:
		// The session handed to stscreds carries the source profile's keys.
		// It is built on a copy so cfg itself is not altered until the
		// final assignment.
		stsCfg := *cfg
		stsCfg.Credentials = credentials.NewStaticCredentialsFromCreds(sharedCfg.AssumeRoleSource.Creds)
		stsSession := &Session{
			Config:   &stsCfg,
			Handlers: handlers.Copy(),
		}
		role := sharedCfg.AssumeRole
		cfg.Credentials = stscreds.NewCredentials(stsSession, role.RoleARN, func(p *stscreds.AssumeRoleProvider) {
			p.RoleSessionName = role.RoleSessionName
			// ExternalID is forwarded only when the shared config has one.
			if len(role.ExternalID) > 0 {
				p.ExternalID = aws.String(role.ExternalID)
			}
			// MFA not supported: no serial number or token provider is set
			// here, so a role whose trust policy demands MFA will be
			// refused by STS.
		})

	case len(sharedCfg.Creds.AccessKeyID) > 0:
		cfg.Credentials = credentials.NewStaticCredentialsFromCreds(sharedCfg.Creds)

	default:
		// Fall back to the default credentials provider. The two
		// credProviderError entries are mock errors placed ahead of it so
		// the user can identify why credentials failed to be retrieved.
		// The second message embeds envCfg.Profile.
		chain := &credentials.ChainProvider{
			VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
			Providers: []credentials.Provider{
				&credProviderError{Err: awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)},
				&credProviderError{Err: awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)},
				defaults.RemoteCredProvider(*cfg, handlers),
			},
		}
		cfg.Credentials = credentials.NewCredentials(chain)
	}
}
// assumeCredentials returns a session for c.Region whose credentials are an
// stscreds provider for c.RoleARN. The value returned by c.rootCredentials()
// is handed to stscreds as the config provider for that role assumption.
//
// Only the role ARN is passed to stscreds.NewCredentials: neither an
// ExternalID nor a RoleSessionName is set on this path. A role whose trust
// policy requires an external ID therefore cannot be assumed here.
// NOTE(review): with no explicit session name, attribution in audit logs
// relies on whatever name the SDK generates; confirm that is acceptable.
func (c *CredentialConfig) assumeCredentials() client.ConfigProvider {
	root := c.rootCredentials()
	return session.New(&aws.Config{
		Region:      aws.String(c.Region),
		Credentials: stscreds.NewCredentials(root, c.RoleARN),
	})
}
// AssumeRole sets the STS role assumed by AMIQuery.
//
// The returned Option replaces the Manager's awsCreds with an stscreds
// provider for roleARN. An empty roleARN is a no-op: the option returns nil
// and leaves whatever credentials the Manager already has in effect. Callers
// that depend on the role for isolation should therefore check that the ARN
// is non-empty before relying on it.
func AssumeRole(roleARN string) Option {
	return optionFunc(func(m *Manager) error {
		if roleARN == "" {
			return nil
		}
		// NOTE(review): nil is passed as the first argument and a five-minute
		// duration as the third; presumably the SDK substitutes a default STS
		// client and treats the duration as an expiry window. Confirm against
		// the vendored SDK version.
		m.awsCreds = stscreds.NewCredentials(nil, roleARN, time.Minute*5)
		return nil
	})
}
// NewKWriter builds a KWriter for stream whose Kinesis client uses
// credentials obtained by assuming the role named in awsArn.
//
// awsArn is dereferenced unconditionally, so it must be non-nil. awsRegion
// and stream are stored as given. retries is copied into MaxRetries.
//
// No ExternalID or RoleSessionName is set for the role assumption. A role
// whose trust policy requires an external ID cannot be used through this
// constructor.
func NewKWriter(awsArn, awsRegion, stream *string, retries int) *KWriter {
	// The session handed to stscreds is created from an empty aws.Config,
	// so awsRegion is not applied to it.
	base := session.New(&aws.Config{})

	// This second session carries the assumed-role credentials and the
	// requested region. The Kinesis client is built on it.
	assumed := session.New(&aws.Config{
		Credentials: stscreds.NewCredentials(base, *awsArn),
		Region:      awsRegion,
	})

	return &KWriter{
		Client:     kinesis.New(assumed),
		MaxRetries: retries,
		StreamName: stream,
	}
}
// mergeConfigSrcs folds the user, environment and shared-file settings into
// cfg, filling in region and credentials only where they are still unset.
//
// Region precedence: the user config, then envCfg.Region, then
// sharedCfg.Region (the last only when envCfg.EnableSharedConfig is set).
//
// Credentials are chosen only when cfg still holds
// credentials.AnonymousCredentials and userCfg supplied none. The order is:
//
//  1. static keys from the environment (envCfg.Creds);
//  2. the role described by the shared config, assumed with the static keys
//     of sharedCfg.AssumeRoleSource (requires EnableSharedConfig);
//  3. static keys from the shared config (sharedCfg.Creds);
//  4. the remote credential provider.
//
// Because step 1 is tested before step 2, access keys present in the
// environment take priority over a role configured in the shared file.
func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers) {
	// User-supplied values are merged first so the checks below see them.
	cfg.MergeIn(userCfg)

	// Region: only filled in when still empty after the merge.
	if aws.StringValue(cfg.Region) == "" {
		switch {
		case len(envCfg.Region) > 0:
			cfg.WithRegion(envCfg.Region)
		case envCfg.EnableSharedConfig && len(sharedCfg.Region) > 0:
			cfg.WithRegion(sharedCfg.Region)
		}
	}

	// Credentials: leave anything that has already been set.
	if cfg.Credentials != credentials.AnonymousCredentials || userCfg.Credentials != nil {
		return
	}

	switch {
	case len(envCfg.Creds.AccessKeyID) > 0:
		cfg.Credentials = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)

	case envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil:
		// The session handed to stscreds carries the source profile's keys.
		// It is built on a copy so cfg itself is not altered until the
		// final assignment.
		stsCfg := *cfg
		stsCfg.Credentials = credentials.NewStaticCredentialsFromCreds(sharedCfg.AssumeRoleSource.Creds)
		stsSession := &Session{
			Config:   &stsCfg,
			Handlers: handlers.Copy(),
		}
		role := sharedCfg.AssumeRole
		cfg.Credentials = stscreds.NewCredentials(stsSession, role.RoleARN, func(p *stscreds.AssumeRoleProvider) {
			p.RoleSessionName = role.RoleSessionName
			// ExternalID is forwarded only when the shared config has one.
			if len(role.ExternalID) > 0 {
				p.ExternalID = aws.String(role.ExternalID)
			}
			// MFA not supported: no serial number or token provider is set
			// here, so a role whose trust policy demands MFA will be
			// refused by STS.
		})

	case len(sharedCfg.Creds.AccessKeyID) > 0:
		cfg.Credentials = credentials.NewStaticCredentialsFromCreds(sharedCfg.Creds)

	default:
		// Fallback to default credentials provider
		remote := defaults.RemoteCredProvider(*cfg, handlers)
		cfg.Credentials = credentials.NewCredentials(remote)
	}
}
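// TypeGatherer returns a TypeMetrics that records roleARN and carries an
// stscreds credentials provider for that same role.
//
// roleARN must be non-nil; it is dereferenced to build the credentials.
// The session handed to stscreds is created from an empty aws.Config, and no
// ExternalID or RoleSessionName is set for the role assumption.
func TypeGatherer(roleARN *string) *TypeMetrics {
	return &TypeMetrics{
		RoleARN: roleARN,
		// Build the credentials from the roleARN parameter so they always
		// match the RoleARN field. The function has no awsArn parameter or
		// local, so that name is not the role passed in here.
		Credentials: stscreds.NewCredentials(session.New(&aws.Config{}), *roleARN),
	}
}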