From 7f497375dfe04cace9c32fceaffb895a254909b9 Mon Sep 17 00:00:00 2001
From: Leonid Bugaev
Date: Wed, 31 Jan 2024 19:45:06 +0300
Subject: [PATCH] Merging to release-1.9: Adding AWSToken field for temporary credentials (#790)
Adding AWSToken field for temporary credentials (#790)
---
 README.md | 2 ++
 pumps/sqs.go | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index d8182e311..250934be9 100644
--- a/README.md
+++ b/README.md
@@ -1292,6 +1292,7 @@ When you initialize an SQS Pump, the SDK uses its default credential chain to fi
 - Environment variables.
 - Static Credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`)
 - Web Identity Token (`AWS_WEB_IDENTITY_TOKEN_FILE`)
+ - Pump Environment Variables (`TYK_PMP_PUMPS_SQS_AWSKEY`, `TYK_PMP_PUMPS_SQS_AWSSECRET`, `TYK_PMP_PUMPS_SQS_AWSTOKEN`)
 - Shared configuration files.
 - SDK defaults to credentials file under `.aws` folder that is placed in the home folder on your computer.
 - If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.
@@ -1311,6 +1312,7 @@ If no credentials are provided, SQS Pump won't be able to connect.
 "aws_region": "us-east-1",
 "aws_key": "key",
 "aws_secret": "secret",
+ "aws_token": "token",
 "aws_endpoint": "http://aws-endpoint:4566",
 "aws_message_group_id": "message_group_id",
 "aws_sqs_batch_limit": 10,
diff --git a/pumps/sqs.go b/pumps/sqs.go
index a00591374..6ba0ce1f9 100644
--- a/pumps/sqs.go
+++ b/pumps/sqs.go
@@ -56,6 +56,10 @@ type SQSConf struct {
 // AWSKey is the AWS access key ID used for authentication.
 AWSKey string `mapstructure:"aws_key"`
+ // AWSToken is the AWS session token used for authentication.
+ // This is only required when using temporary credentials.
+ AWSToken string `mapstructure:"aws_token"`
+
 // AWSEndpoint is the custom endpoint URL for AWS SQS, if applicable.
 AWSEndpoint string `mapstructure:"aws_endpoint"`
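Review bot: The doc comment on `AWSToken` in the `SQSConf` hunk does not say that the field only takes effect together with `AWSKey` and `AWSSecret`, nor that the value is handed to a static credentials provider, which does not refresh it. Temporary credentials expire, so a pump configured this way will presumably start failing its SQS calls once the session lapses, until the config is updated and the pump restarted. I would extend the comment to `// AWSToken is the AWS session token for temporary credentials. It is used only when AWSKey and AWSSecret are also set, and it is not refreshed: replace all three values before the session expires.` The struct continues outside the hunk.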
@@ -198,7 +202,8 @@ func (s *SQSPump) NewSQSPublisher() (c *sqs.Client, err error) {
 options.BaseEndpoint = aws.String(s.SQSConf.AWSEndpoint)
 }
 if s.SQSConf.AWSKey != "" && s.SQSConf.AWSSecret != "" {
- options.Credentials = credentials.NewStaticCredentialsProvider(s.SQSConf.AWSKey, s.SQSConf.AWSSecret, "")
+ // Token can be empty since it's optional
+ options.Credentials = credentials.NewStaticCredentialsProvider(s.SQSConf.AWSKey, s.SQSConf.AWSSecret, s.SQSConf.AWSToken)
 }
 })
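Review bot: A token configured without both `aws_key` and `aws_secret` is dropped silently, because the guard `s.SQSConf.AWSKey != "" && s.SQSConf.AWSSecret != ""` never looks at `AWSToken`. The SDK then falls back to its default credential chain, and the pump may run under a different identity than the operator intended. I would reject, or at least warn on, that combination before the options closure is built, using a condition such as `s.SQSConf.AWSToken != "" && (s.SQSConf.AWSKey == "" || s.SQSConf.AWSSecret == "")`. The check belongs earlier in NewSQSPublisher, whose body starts and ends outside this hunk, so its placement and its logger or error path have to follow the surrounding code.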