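// Retrieve generates a new set of temporary credentials using STS.
//
// Unset fields are defaulted in place on the provider before the call:
// RoleSessionName becomes the current UTC time in nanoseconds and Duration
// becomes DefaultDuration. On success the provider's expiration is recorded
// from the returned credentials together with ExpiryWindow. An AssumeRole
// error is returned unchanged alongside an empty credentials.Value, and a
// response that lacks any credential field is reported as an error rather
// than dereferenced.
func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
	// Apply defaults where parameters are not set.
	if p.RoleSessionName == "" {
		// Try to work out a role name that will hopefully end up unique.
		// NOTE(review): a bare timestamp says nothing about who assumed the
		// role; callers that need attributable sessions in their audit trail
		// should set RoleSessionName themselves.
		p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano())
	}
	if p.Duration == 0 {
		// Expire as often as AWS permits.
		p.Duration = DefaultDuration
	}

	roleOutput, err := p.Client.AssumeRole(&sts.AssumeRoleInput{
		DurationSeconds: aws.Int64(int64(p.Duration / time.Second)),
		RoleArn:         aws.String(p.RoleARN),
		RoleSessionName: aws.String(p.RoleSessionName),
		// Passed through as-is; a nil ExternalID means none is sent.
		ExternalId: p.ExternalID,
	})
	if err != nil {
		return credentials.Value{}, err
	}

	// Every field below is a pointer in the response. Check them before
	// dereferencing so a malformed reply surfaces as an error instead of a
	// nil-pointer panic. The messages carry no credential material.
	if roleOutput == nil || roleOutput.Credentials == nil {
		return credentials.Value{}, fmt.Errorf("assume role response is missing credentials")
	}
	creds := roleOutput.Credentials
	if creds.Expiration == nil || creds.AccessKeyId == nil ||
		creds.SecretAccessKey == nil || creds.SessionToken == nil {
		return credentials.Value{}, fmt.Errorf("assume role response has incomplete credentials")
	}

	// We will proactively generate new credentials before they expire.
	p.SetExpiration(*creds.Expiration, p.ExpiryWindow)

	return credentials.Value{
		AccessKeyID:     *creds.AccessKeyId,
		SecretAccessKey: *creds.SecretAccessKey,
		SessionToken:    *creds.SessionToken,
	}, nil
}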
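// createLambdaFunction makes sure a Lambda function named "goad" exists,
// creating it from payload (a zip archive) with roleArn as its role when a
// lookup reports it missing.
//
// It returns nil when the function already exists or was created. Any lookup
// failure other than "ResourceNotFoundException" is returned to the caller
// instead of being reported as success. A create call rejected with
// "InvalidParameterValueException" is retried once per second, up to
// maxAttempts in total, after which the last error is returned.
func (infra *Infrastructure) createLambdaFunction(roleArn string, payload []byte) error {
	// Upper bound on lookup/create rounds, so a persistent rejection cannot
	// retry forever. NOTE(review): 30 is a reviewer-chosen bound; tune it to
	// how long role propagation takes in practice.
	const maxAttempts = 30

	svc := lambda.New(session.New(), infra.config)

	for attempt := 1; ; attempt++ {
		_, err := svc.GetFunction(&lambda.GetFunctionInput{
			FunctionName: aws.String("goad"),
		})
		if err == nil {
			// Already present; nothing to create.
			return nil
		}
		if awsErr, ok := err.(awserr.Error); !ok || awsErr.Code() != "ResourceNotFoundException" {
			// Access denied, throttling, network failure, ...: the caller
			// must not be told the function exists.
			return err
		}

		_, err = svc.CreateFunction(&lambda.CreateFunctionInput{
			Code: &lambda.FunctionCode{
				ZipFile: payload,
			},
			FunctionName: aws.String("goad"),
			Handler:      aws.String("index.handler"),
			// The uploaded code runs with this role's permissions, so the
			// role should grant only what the handler needs.
			Role:        aws.String(roleArn),
			Runtime:     aws.String("nodejs"),
			Description: aws.String("Description"),
			MemorySize:  aws.Int64(128),
			Publish:     aws.Bool(true),
			Timeout:     aws.Int64(300),
		})
		if err == nil {
			return nil
		}

		// Calling this function too soon after creating the role might
		// fail, so we should retry after a little while.
		awsErr, ok := err.(awserr.Error)
		if !ok || awsErr.Code() != "InvalidParameterValueException" {
			return err
		}
		if attempt == maxAttempts {
			return err
		}
		time.Sleep(time.Second)
	}
}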
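// Receive a result, or timeout in 1 second.
//
// It asks the queue at adaptor.QueueURL for at most one message, deletes that
// message, and decodes its body with resultFromJSON. It returns nil when no
// message arrived or when receiving, deleting or decoding failed; failures
// are printed to standard output.
func (adaptor SQSAdaptor) Receive() *AggData {
	params := &sqs.ReceiveMessageInput{
		QueueUrl:            aws.String(adaptor.QueueURL),
		MaxNumberOfMessages: aws.Int64(1),
		VisibilityTimeout:   aws.Int64(1),
		WaitTimeSeconds:     aws.Int64(1),
	}
	resp, err := adaptor.Client.ReceiveMessage(params)
	if err != nil {
		fmt.Println(err.Error())
		return nil
	}

	if len(resp.Messages) == 0 {
		return nil
	}

	item := resp.Messages[0]

	deleteParams := &sqs.DeleteMessageInput{
		QueueUrl:      aws.String(adaptor.QueueURL),
		ReceiptHandle: aws.String(*item.ReceiptHandle),
	}
	_, delerr := adaptor.Client.DeleteMessage(deleteParams)
	if delerr != nil {
		// Report delerr itself: err is nil on this path, so err.Error()
		// would panic instead of logging the failure.
		fmt.Println(delerr.Error())
		return nil
	}

	// The message is already deleted at this point, so a body that fails to
	// decode is dropped rather than redelivered.
	result, jsonerr := resultFromJSON(*item.Body)
	if jsonerr != nil {
		// Same as above: err is nil here, the decode error is jsonerr.
		fmt.Println(jsonerr.Error())
		return nil
	}

	return &result
}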