Skip to content

Commit

Permalink
Support $AWS_DEFAULT_REGION and ~/.aws/config profiles
Browse files Browse the repository at this point in the history
  • Loading branch information
@mikljohansson
mikljohansson committed Oct 22, 2016
1 parent d3275ea commit 4330008
Show file tree
Hide file tree
Showing 3 changed files with 49 additions and 18 deletions.
23 changes: 10 additions & 13 deletions commands.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,17 +35,15 @@ func executeCommand(iamProfile string, durationSeconds int64, args []string) {
randSeq(8))

// Initialize the session
var accessKeyId, secretAccessKey, sessionToken, region string
var accessKeyID, secretAccessKey, sessionToken, region string

if iamProfile != "" {
// Resolve ARN and AWS_DEFAULT_REGION through source_profile in ~/.aws/config
if !strings.HasPrefix(iamProfile, "arn:aws:iam:") {
// https://github.com/Bowbaq/profilecreds
// https://github.com/aws/aws-sdk-go/issues/384
// https://github.com/paperg/awsudo/blob/master/awsudo/config.py
}
// Force enable Shared Config to support $AWS_DEFAULT_REGION and ~/.aws/config profiles
sess, err := session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
})
check(err, "Failed to initialize the AWS session")

sess := session.New()
if iamProfile != "" {
svc := sts.New(sess)

// Assume role given by ARN
Expand All @@ -62,17 +60,16 @@ func executeCommand(iamProfile string, durationSeconds int64, args []string) {
resp, err := svc.AssumeRole(params)
check(err, "Failed to assume role")

accessKeyId = *resp.Credentials.AccessKeyId
accessKeyID = *resp.Credentials.AccessKeyId
secretAccessKey = *resp.Credentials.SecretAccessKey
sessionToken = *resp.Credentials.SessionToken
region = *sess.Config.Region
} else {
// Output the session credentials
sess := session.New()
creds, err := sess.Config.Credentials.Get()
check(err, "Failed to retrive credentials from session")

accessKeyId = creds.AccessKeyID
accessKeyID = creds.AccessKeyID
secretAccessKey = creds.SecretAccessKey
sessionToken = creds.SessionToken
region = *sess.Config.Region
Expand All @@ -89,7 +86,7 @@ func executeCommand(iamProfile string, durationSeconds int64, args []string) {

// Inject the temporary credentials
env := append(filterExistingCredentials(os.Environ()),
fmt.Sprintf("AWS_ACCESS_KEY_ID=%s", accessKeyId),
fmt.Sprintf("AWS_ACCESS_KEY_ID=%s", accessKeyID),
fmt.Sprintf("AWS_SECRET_ACCESS_KEY=%s", secretAccessKey))

if sessionToken != "" {
Expand Down
41 changes: 37 additions & 4 deletions glide.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion glide.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
package: github.com/meltwater/awsu
package: github.com/mikljohansson/awsu
import:
- package: github.com/go-errors/errors
- package: github.com/spf13/cobra
- package: github.com/stretchr/testify
subpackages:
- assert
- package: github.com/aws/aws-sdk-go
version: v1.4.20
subpackages:
- aws/session

0 comments on commit 4330008

Please sign in to comment.