// Package aidews provides utility helpers for interacting with the AWS API and the
// AWS Go SDK.
package aidews
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session"
)
// newSession builds a session for region, optionally assuming roleARN.
//
// session, when non-nil, is the identity used to sign the AssumeRole request;
// when nil, a base session is created from region alone. If roleARN is nil the
// base session is not reused: the returned session is built from region only,
// so its credentials come from the SDK's normal resolution rather than from the
// session that was passed in.
//
// stscreds.NewCredentials is called without options, so no ExternalID, session
// name or duration is set and the SDK defaults apply. The credentials are
// resolved lazily by the SDK, so a wrong or unauthorized role ARN surfaces on
// the first request made with the returned session, not here.
func newSession(session *session.Session, region, roleARN *string) *session.Session {
	cfg := aws.Config{Region: region}

	// base is the identity that will sign the AssumeRole request.
	base := session
	if base == nil {
		base = sessionWithConfig(cfg)
	}

	if roleARN == nil {
		// NOTE(review): a non-nil session passed by the caller is dropped on
		// this path; confirm callers do not expect its identity to carry over.
		return sessionWithConfig(cfg)
	}

	cfg.Credentials = stscreds.NewCredentials(base, *roleARN)
	return sessionWithConfig(cfg)
}
// Session returns an AWS session.
//
// Both region and roleARN are optional. With neither set, the session is built
// from an empty config. With region set, the config carries that region. With
// roleARN set, the returned session uses STS AssumeRole credentials for that
// role, obtained through a base session built from the same region.
//
// Every session is created with SharedConfigEnable, so local credential
// resolution (shared config and credentials files) is available.
//
// Session panics if the SDK cannot construct a session, because session.Must
// is used internally. The AssumeRole call itself is made lazily by the SDK, so
// a bad role ARN is reported by the first request, not by Session.
func Session(region, roleARN *string) *session.Session {
	// A nil base tells newSession to start from the locally resolved identity.
	var base *session.Session
	return newSession(base, region, roleARN)
}
// SessionHop returns an AWS session derived from an existing one.
//
// It behaves like Session, except that the AssumeRole request for roleARN is
// signed with the credentials of the given session. Chaining calls lets a
// program assume any number of roles in sequence:
//
//	start := Session(region, startingRoleARN)
//	hop1 := SessionHop(start, region, hop1ARN)
//	hop2 := SessionHop(hop1, region, hop2ARN)
//	destination := SessionHop(hop2, region, destARN)
//
// If roleARN is nil no hop is made and the given session is not reused: the
// result is a fresh session built from region only, so its identity is whatever
// the SDK resolves locally. Callers that depend on the returned identity
// should always pass a non-nil roleARN.
//
// SessionHop panics if the SDK cannot construct a session.
func SessionHop(session *session.Session, region, roleARN *string) *session.Session {
	next := newSession(session, region, roleARN)
	return next
}
// SessionWithConfig returns an AWS session built from cfg.
//
// roleARN is optional. When it is nil, the session is built from cfg as given.
// When it is set, a base session is built from cfg first, STS AssumeRole
// credentials for roleARN are derived from it, and the returned session uses
// cfg with those credentials. cfg is received by value, so the caller's config
// is not modified.
//
// Every session is created with SharedConfigEnable, so local credential
// resolution (shared config and credentials files) is available.
//
// SessionWithConfig panics if the SDK cannot construct a session. No
// ExternalID, session name or duration is set on the AssumeRole provider, and
// the role is assumed lazily by the SDK on first use of the credentials.
func SessionWithConfig(cfg aws.Config, roleARN *string) *session.Session {
	if roleARN == nil {
		return sessionWithConfig(cfg)
	}

	// The base session supplies the identity that signs the AssumeRole call.
	base := sessionWithConfig(cfg)
	cfg.Credentials = stscreds.NewCredentials(base, *roleARN)
	return sessionWithConfig(cfg)
}
// sessionWithConfig creates a session from cfg with shared config loading
// enabled. It panics when session creation fails, because the result is passed
// through session.Must.
func sessionWithConfig(cfg aws.Config) *session.Session {
	opts := session.Options{
		Config:            cfg,
		SharedConfigState: session.SharedConfigEnable,
	}
	sess, err := session.NewSessionWithOptions(opts)
	return session.Must(sess, err)
}