Skip to content

Commit

Permalink
Adding AWSToken field for temporary credentials (#790)
Browse files Browse the repository at this point in the history 
(cherry picked from commit a5e8773)
  • Loading branch information
@mativm02
mativm02 authored and Tyk Bot committed Jan 31, 2024
1 parent b56f811 commit c4121ff
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
2 changes: 2 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1292,6 +1292,7 @@ When you initialize an SQS Pump, the SDK uses its default credential chain to fi
- Environment variables.
- Static Credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`)
- Web Identity Token (`AWS_WEB_IDENTITY_TOKEN_FILE`)
- Pump Environment Variables (`TYK_PMP_PUMPS_SQS_AWSKEY`, `TYK_PMP_PUMPS_SQS_AWSSECRET`, `TYK_PMP_PUMPS_SQS_AWSTOKEN`)
- Shared configuration files.
- SDK defaults to credentials file under `.aws` folder that is placed in the home folder on your computer.
- If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.
Expand All @@ -1311,6 +1312,7 @@ If no credentials are provided, SQS Pump won't be able to connect.
"aws_region": "us-east-1",
"aws_key": "key",
"aws_secret": "secret",
"aws_token": "token",
"aws_endpoint": "http://aws-endpoint:4566",
"aws_message_group_id": "message_group_id",
"aws_sqs_batch_limit": 10,
Expand Down
7 changes: 6 additions & 1 deletion pumps/sqs.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,10 @@ type SQSConf struct {
// AWSKey is the AWS access key ID used for authentication.
AWSKey string `mapstructure:"aws_key"`

// AWSToken is the AWS session token used for authentication.
// This is only required when using temporary credentials.
AWSToken string `mapstructure:"aws_token"`

// AWSEndpoint is the custom endpoint URL for AWS SQS, if applicable.
AWSEndpoint string `mapstructure:"aws_endpoint"`

Expand Down Expand Up @@ -198,7 +202,8 @@ func (s *SQSPump) NewSQSPublisher() (c *sqs.Client, err error) {
options.BaseEndpoint = aws.String(s.SQSConf.AWSEndpoint)
}
if s.SQSConf.AWSKey != "" && s.SQSConf.AWSSecret != "" {
options.Credentials = credentials.NewStaticCredentialsProvider(s.SQSConf.AWSKey, s.SQSConf.AWSSecret, "")
// Token can be empty since it's optional
options.Credentials = credentials.NewStaticCredentialsProvider(s.SQSConf.AWSKey, s.SQSConf.AWSSecret, s.SQSConf.AWSToken)
}
})

Expand Down

0 comments on commit c4121ff

Please sign in to comment.