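// AssumeRole uses the current server role to call STS and assume a different
// role if permitted.
//
// Params:
//
//	roleArn     - the requested role ARN (example: arn:aws:iam::11111111111:role/myrole)
//	sessionName - a name to associate with the current session. Use the service
//	              name plus a unique identifier, preferably: the value ends up in
//	              the assumed-role session identity, so it should be meaningful
//	              when reading an audit trail.
//	duration    - the duration of the session in seconds. Must be between 900
//	              and 3600 inclusive; any other value is rejected before STS is
//	              called.
//
// Returns an *aws.Auth carrying the temporary access key, secret key, session
// token and expiration returned by STS, usable with any of the existing goamz
// APIs. The returned *aws.Auth is nil whenever the error is non-nil. Errors
// from aws.GetAuth and from the STS call are returned unchanged so callers can
// still compare them directly.
//
// Check http://goo.gl/M6uCu5 for more information.
func AssumeRole(roleArn string, sessionName string, duration int) (*aws.Auth, error) {
	// Reject out-of-range values before any network call; naming the value
	// and the accepted window makes the failure self-explanatory.
	if duration < 900 || duration > 3600 {
		return nil, fmt.Errorf("duration %d out of bounds [900, 3600]", duration)
	}

	// Obtain the credentials already available to this process; no explicit
	// key, secret, token or expiry is supplied.
	localAuth, err := aws.GetAuth("", "", "", time.Time{})
	if err != nil {
		return nil, err
	}

	stsClient := sts.New(localAuth, aws.Regions[util.GetAwsRegionName()])
	stsOptions := &sts.AssumeRoleParams{
		DurationSeconds: duration, // already an int; no conversion needed
		RoleArn:         roleArn,
		RoleSessionName: sessionName,
	}

	// Ask STS for the temporary credentials of the target role.
	roleAuth, err := stsClient.AssumeRole(stsOptions)
	if err != nil {
		return nil, err
	}

	// Repackage the STS credentials (including the session token and its
	// expiration) as an aws.Auth.
	creds := roleAuth.Credentials
	auth := aws.NewAuth(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken, creds.Expiration)
	return auth, nil
}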
// hostName builds the dotted host name for a role: the role, the AWS region,
// the enclosing-scope scope value, the environment name and the
// enclosing-scope domain value, in that order, separated by dots.
func hostName(role string) string {
	// Evaluation order of the literal preserves the original call order:
	// region is fetched before the environment name.
	labels := []interface{}{
		role,
		util.GetAwsRegionName(),
		scope,
		util.GetEnvironmentName(),
		domain,
	}
	return fmt.Sprintf("%s.%s.%s.%s.%s", labels...)
}