// mergeConfigSrcs layers the configuration sources onto cfg. The caller's
// explicit config (userCfg) is merged first; region and credentials are then
// filled in from the environment and the shared config only where the caller
// left them unset.
//
// Credential precedence, as implemented below:
//  1. static keys from the environment (envCfg.Creds)
//  2. an assumed role described by the shared config, only when
//     envCfg.EnableSharedConfig is set and a source profile was resolved
//  3. static keys from the shared config (sharedCfg.Creds); this case is not
//     gated on EnableSharedConfig
//  4. a provider chain ending in defaults.RemoteCredProvider
func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers) {
	// Explicit user configuration is applied before anything else.
	cfg.MergeIn(userCfg)

	// Region: environment first, then the shared config when it is enabled.
	if aws.StringValue(cfg.Region) == "" {
		switch {
		case envCfg.Region != "":
			cfg.WithRegion(envCfg.Region)
		case envCfg.EnableSharedConfig && sharedCfg.Region != "":
			cfg.WithRegion(sharedCfg.Region)
		}
	}

	// Credentials are resolved here only when cfg still holds the anonymous
	// placeholder and the caller supplied none of their own.
	if cfg.Credentials != credentials.AnonymousCredentials || userCfg.Credentials != nil {
		return
	}

	switch {
	case len(envCfg.Creds.AccessKeyID) > 0:
		cfg.Credentials = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)

	case envCfg.EnableSharedConfig && sharedCfg.AssumeRole.RoleARN != "" && sharedCfg.AssumeRoleSource != nil:
		// The AssumeRole call is made by a throwaway session that is a copy
		// of cfg carrying the source profile's static keys.
		srcCfg := *cfg
		srcCfg.Credentials = credentials.NewStaticCredentialsFromCreds(
			sharedCfg.AssumeRoleSource.Creds,
		)
		stsSess := &Session{
			Config:   &srcCfg,
			Handlers: handlers.Copy(),
		}
		cfg.Credentials = stscreds.NewCredentials(
			stsSess,
			sharedCfg.AssumeRole.RoleARN,
			func(opt *stscreds.AssumeRoleProvider) {
				opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
				if sharedCfg.AssumeRole.ExternalID != "" {
					opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
				}
				// MFA not supported
			},
		)

	case len(sharedCfg.Creds.AccessKeyID) > 0:
		cfg.Credentials = credentials.NewStaticCredentialsFromCreds(sharedCfg.Creds)

	default:
		// Fall back to the default credentials provider. The two leading
		// entries are mock errors for the environment and the shared profile,
		// included so the user can identify why credentials could not be
		// retrieved.
		envErr := awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)
		profileErr := awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)
		cfg.Credentials = credentials.NewCredentials(&credentials.ChainProvider{
			VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
			Providers: []credentials.Provider{
				&credProviderError{Err: envErr},
				&credProviderError{Err: profileErr},
				defaults.RemoteCredProvider(*cfg, handlers),
			},
		})
	}
}
// mergeConfigSrcs combines the configuration sources into cfg. userCfg is
// merged first, then region and credentials are taken from the environment
// or the shared config wherever the caller did not set them.
//
// Credentials are chosen in this order: environment keys, an assumed role
// from the shared config (requires envCfg.EnableSharedConfig and a resolved
// source profile), shared-config keys, and finally the remote credential
// provider.
func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers) {
	// User-provided settings go in first.
	cfg.MergeIn(userCfg)

	// Pick a region only if the merge above left it empty.
	if aws.StringValue(cfg.Region) == "" {
		switch {
		case envCfg.Region != "":
			cfg.WithRegion(envCfg.Region)
		case envCfg.EnableSharedConfig && sharedCfg.Region != "":
			cfg.WithRegion(sharedCfg.Region)
		}
	}

	// Nothing more to do unless cfg still carries the anonymous placeholder
	// and the caller gave no credentials.
	if cfg.Credentials != credentials.AnonymousCredentials || userCfg.Credentials != nil {
		return
	}

	switch {
	case len(envCfg.Creds.AccessKeyID) > 0:
		cfg.Credentials = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)

	case envCfg.EnableSharedConfig && sharedCfg.AssumeRole.RoleARN != "" && sharedCfg.AssumeRoleSource != nil:
		// A copy of cfg holding the source profile's keys backs the session
		// that performs the AssumeRole call.
		roleSrc := *cfg
		roleSrc.Credentials = credentials.NewStaticCredentialsFromCreds(
			sharedCfg.AssumeRoleSource.Creds,
		)
		configure := func(opt *stscreds.AssumeRoleProvider) {
			opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
			if sharedCfg.AssumeRole.ExternalID != "" {
				opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
			}
			// MFA not supported
		}
		cfg.Credentials = stscreds.NewCredentials(
			&Session{
				Config:   &roleSrc,
				Handlers: handlers.Copy(),
			},
			sharedCfg.AssumeRole.RoleARN,
			configure,
		)

	case len(sharedCfg.Creds.AccessKeyID) > 0:
		// This case is reached whether or not EnableSharedConfig is set.
		cfg.Credentials = credentials.NewStaticCredentialsFromCreds(sharedCfg.Creds)

	default:
		// Fallback to default credentials provider
		cfg.Credentials = credentials.NewCredentials(
			defaults.RemoteCredProvider(*cfg, handlers),
		)
	}
}
// New builds an S3Client from the package-level config.S3 settings.
//
// Region and path-style addressing are always applied. A custom endpoint and
// static credentials are applied only when configured; when the access key
// or secret is empty, cfg.Credentials is left unset.
func New() *S3Client {
	awsCfg := &aws.Config{
		Region:           aws.String(config.S3.Region),
		S3ForcePathStyle: aws.Bool(config.S3.PathStyle),
	}

	if endpoint := config.S3.Endpoint; endpoint != "" {
		awsCfg.Endpoint = aws.String(endpoint)
		// An "http://" endpoint turns TLS off for every request made by this
		// client, so object data and request headers travel unencrypted.
		awsCfg.DisableSSL = aws.Bool(strings.HasPrefix(endpoint, "http://"))
	}

	// Long-lived keys taken straight from configuration; both halves must be
	// present before they are used.
	if config.S3.Access != "" && config.S3.Secret != "" {
		awsCfg.Credentials = credentials.NewStaticCredentials(
			config.S3.Access,
			config.S3.Secret,
			"",
		)
	}

	// NOTE(review): session.New is deprecated in aws-sdk-go in favour of
	// session.NewSession, which returns session setup errors to the caller.
	sess := session.New()
	return &S3Client{client: s3.New(sess, awsCfg)}
}
// initIamClient returns an IAM client for this run.
//
// Static credentials are used only when both r.c.AccessKey and r.c.SecretKey
// are non-empty; otherwise the config is passed with no credentials set.
func (r *run) initIamClient() *iam.IAM {
	conf := new(aws.Config)

	haveKeys := r.c.AccessKey != "" && r.c.SecretKey != ""
	if haveKeys {
		// The empty third argument is the session token.
		conf.Credentials = awscred.NewStaticCredentials(r.c.AccessKey, r.c.SecretKey, "")
	}

	// NOTE(review): session.New is deprecated in aws-sdk-go in favour of
	// session.NewSession, which returns session setup errors to the caller.
	return iam.New(session.New(), conf)
}
// getService returns a Route 53 client.
//
// A non-empty profile selects that profile from the shared credentials file
// (the empty filename leaves the file location to the SDK). With debug set,
// SDK debug logging is switched on.
func getService(debug bool, profile string) *route53.Route53 {
	cfg := &aws.Config{
		// ensures throttled requests are retried
		MaxRetries: aws.Int(100),
	}

	if profile != "" {
		cfg.Credentials = credentials.NewSharedCredentials("", profile)
	}

	if debug {
		// NOTE(review): debug output is meant for inspecting requests and
		// responses; treat the resulting logs as sensitive.
		cfg.LogLevel = aws.LogLevel(aws.LogDebug)
	}

	return route53.New(session.New(), cfg)
}
// getConfig builds an aws.Config from the "debug" and "profile" CLI flags.
//
// A non-empty profile selects that profile from the shared credentials file
// (the empty filename leaves the file location to the SDK). The debug flag
// switches on SDK debug logging.
func getConfig(c *cli.Context) *aws.Config {
	cfg := &aws.Config{
		// ensures throttled requests are retried
		MaxRetries: aws.Int(100),
	}

	verbose := c.Bool("debug")
	if name := c.String("profile"); name != "" {
		cfg.Credentials = credentials.NewSharedCredentials("", name)
	}

	if verbose {
		// NOTE(review): debug output is meant for inspecting requests and
		// responses; treat the resulting logs as sensitive.
		cfg.LogLevel = aws.LogLevel(aws.LogDebug)
	}

	return cfg
}
// NewECSClient constructs an ECSClient backed by two SDK clients that share
// one aws.Config: the standard ECS client and the submit-state-change client.
//
// The region always comes from config.AWSRegion. config.APIEndpoint replaces
// the SDK's endpoint only when it is non-empty. Region and Endpoint are stored
// as pointers into config rather than as copies.
func NewECSClient(credentialProvider *credentials.Credentials, config *config.Config, httpClient *http.Client, ec2MetadataClient ec2.EC2MetadataClient) ECSClient {
	sdkCfg := aws.Config{
		Credentials: credentialProvider,
		Region:      &config.AWSRegion,
		HTTPClient:  httpClient,
	}
	if config.APIEndpoint != "" {
		sdkCfg.Endpoint = &config.APIEndpoint
	}

	// Both clients are created from the same config, so they use the same
	// credentials, HTTP client and endpoint.
	std := ecs.New(&sdkCfg)
	submit := newSubmitStateChangeClient(&sdkCfg)

	return &ApiECSClient{
		credentialProvider:      credentialProvider,
		config:                  config,
		standardClient:          std,
		submitStateChangeClient: submit,
		ec2metadata:             ec2MetadataClient,
	}
}
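// createStsSession assumes the role in key.Role through sess and returns a
// new session that uses the temporary credentials STS issued.
//
// config is received by value, so assigning its Credentials field here does
// not modify the caller's copy. The role session name is "sops@<hostname>",
// reduced to the characters STS accepts and capped at 64 characters; it is
// what identifies this caller in the assumed-role identity.
//
// An error is returned when the hostname cannot be read, when AssumeRole
// fails or returns no credentials, or when the new session cannot be created.
func (key MasterKey) createStsSession(config aws.Config, sess *session.Session) (*session.Session, error) {
	hostname, err := os.Hostname()
	if err != nil {
		return nil, err
	}

	// STS rejects role session names longer than 64 characters or containing
	// anything outside [A-Za-z0-9_+=,.@-]. A hostname is not guaranteed to
	// satisfy either rule, so filter and truncate before sending it.
	const maxSessionNameLen = 64
	raw := "sops@" + hostname
	filtered := make([]byte, 0, len(raw))
	for i := 0; i < len(raw) && len(filtered) < maxSessionNameLen; i++ {
		c := raw[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
			filtered = append(filtered, c)
		case c == '_', c == '+', c == '=', c == ',', c == '.', c == '@', c == '-':
			filtered = append(filtered, c)
		}
	}
	name := string(filtered)

	stsService := sts.New(sess)
	out, err := stsService.AssumeRole(&sts.AssumeRoleInput{
		RoleArn:         &key.Role,
		RoleSessionName: &name,
	})
	if err != nil {
		return nil, fmt.Errorf("Failed to assume role %q: %v", key.Role, err)
	}

	// Guard the pointer dereferences below: a response without a complete
	// credential set becomes an error instead of a nil-pointer panic.
	if out == nil || out.Credentials == nil ||
		out.Credentials.AccessKeyId == nil ||
		out.Credentials.SecretAccessKey == nil ||
		out.Credentials.SessionToken == nil {
		return nil, fmt.Errorf("Failed to assume role %q: response carried no credentials", key.Role)
	}

	// NOTE(review): these are fixed temporary credentials; nothing in this
	// function refreshes them once they expire.
	config.Credentials = credentials.NewStaticCredentials(
		*out.Credentials.AccessKeyId,
		*out.Credentials.SecretAccessKey,
		*out.Credentials.SessionToken,
	)

	sess, err = session.NewSession(&config)
	if err != nil {
		return nil, fmt.Errorf("Failed to create new aws session: %v", err)
	}
	return sess, nil
}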