func (c *CloudWatch) Connect() error {
Config := &aws.Config{
Region: aws.String(c.Region),
Credentials: credentials.NewChainCredentials(
[]credentials.Provider{
&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New())},
&credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{},
}),
}
svc := cloudwatch.New(session.New(Config))
params := &cloudwatch.ListMetricsInput{
Namespace: aws.String(c.Namespace),
}
_, err := svc.ListMetrics(params) // Try a read-only call to test connection.
if err != nil {
log.Printf("cloudwatch: Error in ListMetrics API call : %+v \n", err.Error())
}
c.svc = svc
return err
}
func (t *TextDetail) SetAwsInfo(region string) error {
meta := ec2metadata.New(session.New(), &aws.Config{Region: aws.String(region)})
instance_id, err := meta.GetMetadata("instance-id")
svc := ec2.New(session.New(), &aws.Config{Region: aws.String(region)})
res, err := svc.DescribeInstances(nil)
if err != nil {
return err
}
tag_name := ""
for _, r := range res.Reservations {
for _, i := range r.Instances {
if *i.InstanceId == instance_id {
tag_name = *i.Tags[0].Value
}
}
}
t.AwsInstanceId = instance_id
t.AwsTagName = tag_name
return nil
}
func TestEC2RoleProviderExpiryWindowIsExpired(t *testing.T) {
server := initTestServer("2014-12-16T01:51:37Z", false)
defer server.Close()
p := &ec2rolecreds.EC2RoleProvider{
Client: ec2metadata.New(&ec2metadata.Config{Endpoint: aws.String(server.URL + "/latest")}),
ExpiryWindow: time.Hour * 1,
}
p.CurrentTime = func() time.Time {
return time.Date(2014, 12, 15, 0, 51, 37, 0, time.UTC)
}
assert.True(t, p.IsExpired(), "Expect creds to be expired before retrieve.")
_, err := p.Retrieve()
assert.Nil(t, err, "Expect no error")
assert.False(t, p.IsExpired(), "Expect creds to not be expired after retrieve.")
p.CurrentTime = func() time.Time {
return time.Date(2014, 12, 16, 0, 55, 37, 0, time.UTC)
}
assert.True(t, p.IsExpired(), "Expect creds to be expired.")
}
func (p *amazon) getRegion() (string, error) {
if len(p.c.Region) == 0 {
meta := ec2metadata.New(&ec2metadata.Config{})
return meta.Region()
}
return p.c.Region, nil
}
func main() {
kingpin.Parse()
me := ec2metadata.New(session.New(), &aws.Config{})
region, err := me.Region()
if err != nil {
fmt.Println(err)
os.Exit(1)
}
cw := cloudwatch.New(session.New(&aws.Config{Region: aws.String(region)}))
as := autoscaling.New(session.New(&aws.Config{Region: aws.String(region)}))
// Get the name of this instance.
instance, err := me.GetMetadata("instance-id")
if err != nil {
fmt.Println(err)
os.Exit(1)
}
log.Printf("Instance: %s", instance)
// Check if this instance is in an auto scaling group.
gps, err := as.DescribeAutoScalingInstances(&autoscaling.DescribeAutoScalingInstancesInput{
InstanceIds: []*string{
aws.String(instance),
},
})
if err == nil && len(gps.AutoScalingInstances) > 0 {
group = *gps.AutoScalingInstances[0].AutoScalingGroupName
log.Printf("AutoScaling group: %s", group)
}
// Loop and send to the backend.
limiter := time.Tick(time.Second * 60)
for {
<-limiter
// Submit all the values.
for _, mn := range strings.Split(*cliMetrics, ",") {
m, err := metric.New(mn)
if err != nil {
log.Printf("Cannot find metric: %s" + mn)
continue
}
v, err := m.Value()
if err != nil {
log.Println("Cannot get metric.")
}
// Send the instance metrics.
Send(cw, "InstanceId", instance, m.Name(), v)
// Send the autoscaling.
if group != "" {
Send(cw, "AutoScalingGroupName", group, m.Name(), v)
}
}
}
}
func NewAwsAsgEbs(maxRetries int) *AwsAsgEbs {
awsAsgEbs := &AwsAsgEbs{}
metadata := ec2metadata.New(session.New())
region, err := metadata.Region()
if err != nil {
log.WithFields(log.Fields{"error": err}).Fatal("Failed to get region from instance metadata")
}
log.WithFields(log.Fields{"region": region}).Info("Setting region")
awsAsgEbs.Region = region
availabilityZone, err := metadata.GetMetadata("placement/availability-zone")
if err != nil {
log.WithFields(log.Fields{"error": err}).Fatal("Failed to get availability zone from instance metadata")
}
log.WithFields(log.Fields{"az": availabilityZone}).Info("Setting availability zone")
awsAsgEbs.AvailabilityZone = availabilityZone
instanceId, err := metadata.GetMetadata("instance-id")
if err != nil {
log.WithFields(log.Fields{"error": err}).Fatal("Failed to get instance id from instance metadata")
}
log.WithFields(log.Fields{"instance_id": instanceId}).Info("Setting instance id")
awsAsgEbs.InstanceId = instanceId
awsAsgEbs.AwsConfig = aws.NewConfig().
WithRegion(region).
WithCredentials(ec2rolecreds.NewCredentials(session.New())).
WithMaxRetries(maxRetries)
return awsAsgEbs
}
func NewEbsVolumeDriver() (VolumeDriver, error) {
d := &ebsVolumeDriver{
volumes: make(map[string]*ebsVolume),
}
ec2sess := session.New()
d.ec2meta = ec2metadata.New(ec2sess)
// Fetch AWS information, validating along the way.
if !d.ec2meta.Available() {
return nil, errors.New("Not running on an EC2 instance.")
}
var err error
if d.awsInstanceId, err = d.ec2meta.GetMetadata("instance-id"); err != nil {
return nil, err
}
if d.awsRegion, err = d.ec2meta.Region(); err != nil {
return nil, err
}
if d.awsAvailabilityZone, err =
d.ec2meta.GetMetadata("placement/availability-zone"); err != nil {
return nil, err
}
d.ec2 = ec2.New(ec2sess, &aws.Config{Region: aws.String(d.awsRegion)})
// Print some diagnostic information and then return the driver.
log("Auto-detected EC2 information:\n")
log("\tInstanceId : %v\n", d.awsInstanceId)
log("\tRegion : %v\n", d.awsRegion)
log("\tAvailability Zone : %v\n", d.awsAvailabilityZone)
return d, nil
}
func initAWS() {
defer Track("initAWS", Now(), debugOut)
AWSSession = session.New()
// Region
if GlobalConfig.Get("awsRegion") != "" {
// CLI trumps
AWSSession.Config.Region = aws.String(GlobalConfig.Get("awsRegion"))
} else if os.Getenv("AWS_REGION") == "" {
// Grab it from this EC2 instace
region, err := ec2metadata.New(session.New()).Region()
if err != nil {
fmt.Printf("Cannot set AWS region: '%v'\n", err)
os.Exit(1)
}
AWSSession.Config.Region = aws.String(region)
}
// Creds
if GlobalConfig.Get("awsAccessKey") != "" && GlobalConfig.Get("awsSecretKey") != "" {
// CLI trumps
creds := credentials.NewStaticCredentials(
GlobalConfig.Get("awsAccessKey"),
GlobalConfig.Get("awsSecretKey"),
"")
AWSSession.Config.Credentials = creds
}
}
// Retrieve retrieves credentials from the EC2 service.
// Error will be returned if the request fails, or unable to extract
// the desired credentials.
func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
if m.Client == nil {
m.Client = ec2metadata.New(nil)
}
credsList, err := requestCredList(m.Client)
if err != nil {
return credentials.Value{}, err
}
if len(credsList) == 0 {
return credentials.Value{}, awserr.New("EmptyEC2RoleList", "empty EC2 Role list", nil)
}
credsName := credsList[0]
roleCreds, err := requestCred(m.Client, credsName)
if err != nil {
return credentials.Value{}, err
}
m.SetExpiration(roleCreds.Expiration, m.ExpiryWindow)
return credentials.Value{
AccessKeyID: roleCreds.AccessKeyID,
SecretAccessKey: roleCreds.SecretAccessKey,
SessionToken: roleCreds.Token,
}, nil
}
func TestGetUserData_Error(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
reader := strings.NewReader(`<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>`)
w.Header().Set("Content-Type", "text/html")
w.Header().Set("Content-Length", fmt.Sprintf("%d", reader.Len()))
w.WriteHeader(http.StatusNotFound)
io.Copy(w, reader)
}))
defer server.Close()
c := ec2metadata.New(unit.Session, &aws.Config{Endpoint: aws.String(server.URL + "/latest")})
resp, err := c.GetUserData()
assert.Error(t, err)
assert.Empty(t, resp)
aerr, ok := err.(awserr.Error)
assert.True(t, ok)
assert.Equal(t, "NotFoundError", aerr.Code())
}
// Config returns a valid aws.Config object for access to AWS services, or
// an error if the authentication and region couldn't be resolved
func (c *AccessConfig) Config() (*aws.Config, error) {
var creds *credentials.Credentials
region, err := c.Region()
if err != nil {
return nil, err
}
config := aws.NewConfig().WithRegion(region).WithMaxRetries(11)
if c.ProfileName != "" {
profile, err := NewFromProfile(c.ProfileName)
if err != nil {
return nil, err
}
creds, err = profile.CredentialsFromProfile(config)
if err != nil {
return nil, err
}
} else {
sess := session.New(config)
creds = credentials.NewChainCredentials([]credentials.Provider{
&credentials.StaticProvider{Value: credentials.Value{
AccessKeyID: c.AccessKey,
SecretAccessKey: c.SecretKey,
SessionToken: c.Token,
}},
&credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
&ec2rolecreds.EC2RoleProvider{
Client: ec2metadata.New(sess),
},
})
}
return config.WithCredentials(creds), nil
}
func main() {
kingpin.Version("2.1.0")
kingpin.Parse()
sl, err := syslog.New(syslog.LOG_NOTICE|syslog.LOG_LOCAL0, "[varnish-purge-proxy]")
defer sl.Close()
if err != nil {
log.Println("Error writing to syslog")
} else {
log.SetFlags(0)
log.SetOutput(sl)
}
if len(*tags) == 0 {
fmt.Println("No tags specified")
return
}
region, err = ec2metadata.New(session.New()).Region()
if err != nil {
log.Printf("Unable to retrieve the region from the EC2 instance %v\n", err)
}
// Set up access to ec2
svc := ec2.New(session.New(), &aws.Config{Region: ®ion})
go serveHTTP(*port, *listen, svc)
select {}
}
func TestMetadataNotAvailable(t *testing.T) {
c := ec2metadata.New(nil)
available := c.Available()
assert.False(t, available)
}
func main() {
meta := ec2metadata.New(session.New())
if meta.Available() == false {
fmt.Println("Not an EC2 instance or Metadata service unavailable")
os.Exit(2)
}
if len(os.Args) < 2 {
fmt.Println("Please supply an attribute to query or -h for help")
os.Exit(1)
}
if os.Args[1] == "-h" || os.Args[1] == "--help" {
showHelp(meta)
os.Exit(0)
}
var result string
var err error
if strings.ToLower(os.Args[1]) == "region" {
result, err = meta.Region()
} else {
result, err = meta.GetMetadata(strings.ToLower(os.Args[1]))
}
if err != nil {
fmt.Println("Problem querying metadata service.")
os.Exit(2)
}
fmt.Println(result)
}
func New(debug bool) MetadataFetcher {
c := ec2metadata.Config{}
if debug {
c.LogLevel = aws.LogLevel(aws.LogDebug)
}
return ec2metadata.New(&c)
}
func NewEC2Info(route *router.Route) (EC2Info, error) {
_, skip_ec2 := route.Options[`NOEC2`]
if skip_ec2 || (os.Getenv(`NOEC2`) != "") {
return EC2Info{}, nil
}
// get my instance ID
mySession := session.New()
metadataSvc := ec2metadata.New(mySession)
if !metadataSvc.Available() {
log.Println("cloudwatch: WARNING EC2 Metadata service not available")
return EC2Info{}, nil
}
instance_id, err := metadataSvc.GetMetadata(`instance-id`)
if err != nil {
return EC2Info{}, fmt.Errorf("ERROR getting instance ID: %s", err)
}
region, err := metadataSvc.Region()
if err != nil {
return EC2Info{}, fmt.Errorf("ERROR getting EC2 region: %s", err)
}
return EC2Info{
InstanceID: instance_id,
Region: region,
}, nil
}
func NewEBSService() (*ebsService, error) {
var err error
s := &ebsService{}
s.metadataClient = ec2metadata.New(nil)
if !s.isEC2Instance() {
return nil, fmt.Errorf("Not running on an EC2 instance")
}
s.InstanceID, err = s.metadataClient.GetMetadata("instance-id")
if err != nil {
return nil, err
}
s.Region, err = s.metadataClient.Region()
if err != nil {
return nil, err
}
s.AvailabilityZone, err = s.metadataClient.GetMetadata("placement/availability-zone")
if err != nil {
return nil, err
}
config := aws.NewConfig().WithRegion(s.Region)
s.ec2Client = ec2.New(config)
return s, nil
}
func New(debug bool) MetadataFetcher {
sess := session.New()
if debug {
sess.Config.LogLevel = aws.LogLevel(aws.LogDebug)
}
return ec2metadata.New(sess)
}
func (g *S3Getter) getAWSConfig(region string, creds *credentials.Credentials) *aws.Config {
conf := &aws.Config{}
if creds == nil {
// Grab the metadata URL
metadataURL := os.Getenv("AWS_METADATA_URL")
if metadataURL == "" {
metadataURL = "http://169.254.169.254:80/latest"
}
creds = credentials.NewChainCredentials(
[]credentials.Provider{
&credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
&ec2rolecreds.EC2RoleProvider{
Client: ec2metadata.New(session.New(&aws.Config{
Endpoint: aws.String(metadataURL),
})),
},
})
}
conf.Credentials = creds
if region != "" {
conf.Region = aws.String(region)
}
return conf
}
func getAwsMetadata(name string) string {
client := ec2metadata.New(session.New(&aws.Config{}))
data, err := client.GetMetadata(name)
if err != nil {
return info.UnknownInstance
}
return data
}
func getRegion() string {
metaClient := ec2metadata.New(session.New(&aws.Config{}))
region, err := metaClient.Region()
if err != nil {
log.Fatal(err)
}
return region
}
// Get instance id from the metadata service
func getMyInstanceId() string {
mdConfig := ec2metadata.New(&ec2metadata.Config{})
id, err := mdConfig.GetMetadata("instance-id")
if err != nil {
return ""
}
return id
}
// Gets the region from the metadata service
// fallback parameter specifies the region to use if there is an error
func getMetadataRegion(fallback string) string {
metaClient := ec2metadata.New(&ec2metadata.Config{})
region, err := metaClient.Region()
if err != nil {
return fallback
}
return region
}
func getRegionFromInstanceMetaData() (region string) {
metadata := ec2metadata.New(session.New())
region, err := metadata.Region()
if err != nil {
panic(err)
}
return region
}
// discoverEc2Hosts searches an AWS region, returning a list of instance ips
// where EC2TagKey = EC2TagValue
func (c *Config) discoverEc2Hosts(logger *log.Logger) ([]string, error) {
config := c.RetryJoinEC2
ec2meta := ec2metadata.New(session.New())
if config.Region == "" {
logger.Printf("[INFO] agent: No EC2 region provided, querying instance metadata endpoint...")
identity, err := ec2meta.GetInstanceIdentityDocument()
if err != nil {
return nil, err
}
config.Region = identity.Region
}
awsConfig := &aws.Config{
Region: &config.Region,
Credentials: credentials.NewChainCredentials(
[]credentials.Provider{
&credentials.StaticProvider{
Value: credentials.Value{
AccessKeyID: config.AccessKeyID,
SecretAccessKey: config.SecretAccessKey,
},
},
&credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{},
defaults.RemoteCredProvider(*(defaults.Config()), defaults.Handlers()),
}),
}
svc := ec2.New(session.New(), awsConfig)
resp, err := svc.DescribeInstances(&ec2.DescribeInstancesInput{
Filters: []*ec2.Filter{
{
Name: aws.String("tag:" + config.TagKey),
Values: []*string{
aws.String(config.TagValue),
},
},
},
})
if err != nil {
return nil, err
}
var servers []string
for i := range resp.Reservations {
for _, instance := range resp.Reservations[i].Instances {
// Terminated instances don't have the PrivateIpAddress field
if instance.PrivateIpAddress != nil {
servers = append(servers, *instance.PrivateIpAddress)
}
}
}
return servers, nil
}
func getAWSConfig(c *cli.Context) *aws.Config {
creds := credentials.NewChainCredentials(
[]credentials.Provider{
&credentials.EnvProvider{},
&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New(&aws.Config{})), ExpiryWindow: 5 * time.Minute},
})
region := c.GlobalString("region")
return &aws.Config{Credentials: creds, Region: aws.String(region)}
}
func findInstanceID() string {
metaClient := ec2metadata.New(session.New(&aws.Config{}))
instanceID, err := metaClient.GetMetadata("instance-id")
if err != nil {
log.Fatal(err)
}
return instanceID
}
func getRegion() string {
c := ec2metadata.New(session.New())
r, err := c.Region()
if err != nil {
log.Fatalln("Failed to get region from the metadata service.")
return ""
}
return r
}
func getInstanceID() string {
c := ec2metadata.New(session.New())
i, err := c.GetMetadata("instance-id")
if err != nil {
log.Fatalln("Failed to get instance ID from the metadata service.")
return ""
}
return i
}
func GetAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, error) {
// If we have creds from instance profile, we can use metadata API
if authProviderName == ec2rolecreds.ProviderName {
log.Println("[DEBUG] Trying to get account ID via AWS Metadata API")
cfg := &aws.Config{}
setOptionalEndpoint(cfg)
metadataClient := ec2metadata.New(session.New(cfg))
info, err := metadataClient.IAMInfo()
if err != nil {
// This can be triggered when no IAM Role is assigned
// or AWS just happens to return invalid response
return "", fmt.Errorf("Failed getting EC2 IAM info: %s", err)
}
return parseAccountIdFromArn(info.InstanceProfileArn)
}
// Then try IAM GetUser
log.Println("[DEBUG] Trying to get account ID via iam:GetUser")
outUser, err := iamconn.GetUser(nil)
if err == nil {
return parseAccountIdFromArn(*outUser.User.Arn)
}
awsErr, ok := err.(awserr.Error)
// AccessDenied and ValidationError can be raised
// if credentials belong to federated profile, so we ignore these
if !ok || (awsErr.Code() != "AccessDenied" && awsErr.Code() != "ValidationError") {
return "", fmt.Errorf("Failed getting account ID via 'iam:GetUser': %s", err)
}
log.Printf("[DEBUG] Getting account ID via iam:GetUser failed: %s", err)
// Then try STS GetCallerIdentity
log.Println("[DEBUG] Trying to get account ID via sts:GetCallerIdentity")
outCallerIdentity, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err == nil {
return *outCallerIdentity.Account, nil
}
log.Printf("[DEBUG] Getting account ID via sts:GetCallerIdentity failed: %s", err)
// Then try IAM ListRoles
log.Println("[DEBUG] Trying to get account ID via iam:ListRoles")
outRoles, err := iamconn.ListRoles(&iam.ListRolesInput{
MaxItems: aws.Int64(int64(1)),
})
if err != nil {
return "", fmt.Errorf("Failed getting account ID via 'iam:ListRoles': %s", err)
}
if len(outRoles.Roles) < 1 {
return "", fmt.Errorf("Failed getting account ID via 'iam:ListRoles': No roles available")
}
return parseAccountIdFromArn(*outRoles.Roles[0].Arn)
}