// InitializeAWS prepares the package for talking to the AWS Security Token
// Service (STS).
//
// It resolves the region (explicit setting, then aws.InstanceRegion(), then
// "us-east-1"), requires a configured access key / secret key pair, and
// proves the pair works by issuing one throwaway GetFederationToken call.
// The pair is stored in the package-level awsAuth only if that call succeeds.
//
// Neither error message contains the key values themselves; the second one
// appends the text of the error returned by the STS client.
//
// NOTE(review): awsAuth and *awsRegion are written here with no locking
// visible in this block; presumably this runs once at startup before any
// caller of GetCredentials. Confirm against the call site.
func InitializeAWS() error {
	const missingKeysMsg = "you must specify aws-access-key-id and " +
		"aws-secret-access-key in the config file or " +
		"AWSAUTHD_AWS_ACCESS_KEY_ID and AWSAUTHD_AWS_SECRET_ACCESS_KEY in " +
		"the environment. These must be regular permanent credentials, not " +
		"temporary or instance credentials."
	const probeFailedFmt = "Your credentials don't work to call " +
		"GetFederationToken(). You must specify aws-access-key-id and " +
		"aws-secret-access-key in the config file or " +
		"AWSAUTHD_AWS_ACCESS_KEY_ID and AWSAUTHD_AWS_SECRET_ACCESS_KEY in " +
		"the environment. These must be regular permanent credentials, not " +
		"temporary or instance credentials. (err=%s)"

	// Only auto-detect the region when the operator did not set one.
	if *awsRegion == "" {
		detected := aws.InstanceRegion()
		if detected == "unknown" {
			// Detection failed; fall back to a fixed default region.
			detected = "us-east-1"
		}
		*awsRegion = detected
	}

	haveKeyPair := *awsAccessKey != "" && *awsSecretKey != ""
	if !haveKeyPair {
		return fmt.Errorf(missingKeysMsg)
	}

	// Keep the pair in a local until it has been proven to work, so a failed
	// probe never replaces the package-level awsAuth.
	candidate := aws.Auth{AccessKey: *awsAccessKey, SecretKey: *awsSecretKey}

	// Probe call: placeholder federated user name, empty policy, 900 second
	// lifetime. The returned token is discarded; only success matters.
	// NOTE(review): 900 appears to be the shortest DurationSeconds STS accepts
	// for GetFederationToken, which keeps the unused token as short-lived as
	// possible. Confirm against the STS documentation.
	probe := sts.New(candidate, aws.GetRegion(*awsRegion))
	if _, err := probe.GetFederationToken("snakeoil", "", 900); err != nil {
		return fmt.Errorf(probeFailedFmt, err)
	}

	// The probe succeeded, so publish the credentials for GetCredentials.
	awsAuth = candidate
	return nil
}
// GetCredentials requests federated credentials from STS for the given user
// name, using the package-level awsAuth and the configured region.
//
// user and policyString are passed to GetFederationToken unchanged, and
// tokenLifetime is converted to whole seconds (the fractional part is
// dropped by the int conversion). On failure it returns nil and an error
// prefixed with "GetFederationToken: ".
//
// NOTE(review): nothing here validates user, policyString or the lifetime;
// any range or format checks are left to STS or to the caller. Under STS
// semantics the session policy bounds what the issued credentials may do, so
// callers that build policyString from request data should validate it
// before calling. Confirm where these arguments originate.
//
// The returned value is live secret material; callers should keep it out of
// logs and error messages.
func GetCredentials(user string, policyString string, tokenLifetime time.Duration) (*sts.Credentials, error) {
	region := aws.GetRegion(*awsRegion)
	lifetimeSeconds := int(tokenLifetime.Seconds())

	result, err := sts.New(awsAuth, region).GetFederationToken(user, policyString, lifetimeSeconds)
	if err != nil {
		return nil, fmt.Errorf("GetFederationToken: %s", err)
	}
	return &result.Credentials, nil
}
// SetUpSuite starts the shared test server and builds the suite's STS client
// against it.
//
// The client uses fixed placeholder credentials ("abc" / "123") and a Region
// whose STSEndpoint is testServer.URL.
// NOTE(review): testServer is defined outside this block; presumably it is a
// local stub, so no real AWS endpoint is contacted. Confirm.
func (s *S) SetUpSuite(c *gocheck.C) {
	testServer.Start()

	// Read the URL only after Start, as the original does.
	stubRegion := aws.Region{STSEndpoint: testServer.URL}
	s.sts = sts.New(aws.Auth{AccessKey: "abc", SecretKey: "123"}, stubRegion)
}