// Retrieve generates a new set of temporary credentials using STS. func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { // Apply defaults where parameters are not set. if p.RoleSessionName == "" { // Try to work out a role name that will hopefully end up unique. p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano()) } if p.Duration == 0 { // Expire as often as AWS permits. p.Duration = DefaultDuration } roleOutput, err := p.Client.AssumeRole(&sts.AssumeRoleInput{ DurationSeconds: aws.Int64(int64(p.Duration / time.Second)), RoleArn: aws.String(p.RoleARN), RoleSessionName: aws.String(p.RoleSessionName), ExternalId: p.ExternalID, }) if err != nil { return credentials.Value{}, err } // We will proactively generate new credentials before they expire. p.SetExpiration(*roleOutput.Credentials.Expiration, p.ExpiryWindow) return credentials.Value{ AccessKeyID: *roleOutput.Credentials.AccessKeyId, SecretAccessKey: *roleOutput.Credentials.SecretAccessKey, SessionToken: *roleOutput.Credentials.SessionToken, }, nil }
//GetShards returns shard names for an AWS Kinesis stream. func GetShards(streamName string, region string) ([]string, error) { svc := kinesis.New(session.New(), &aws.Config{Region: aws.String(region)}) params := &kinesis.DescribeStreamInput{ StreamName: aws.String(streamName), } resp, err := svc.DescribeStream(params) if err != nil { return nil, err } var shards []string for _, shard := range resp.StreamDescription.Shards { shards = append(shards, *shard.ShardId) } return shards, nil }