package aws
import (
"github.com/Jeffail/benthos/v3/public/service"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session"
)
// sessionFields returns the config fields that describe how to reach AWS:
// a region, an optional custom endpoint, and a `credentials` object holding
// the profile, static key, and role settings. Every field defaults to the
// empty string.
//
// The `secret` and `token` fields carry credential material but are declared
// here as ordinary string fields.
// NOTE(review): if the service package version in use can flag a field as
// sensitive, these two are the candidates — confirm.
func sessionFields() []*service.ConfigField {
	regionField := service.NewStringField("region").
		Description("The AWS region to target.").
		Default("")

	endpointField := service.NewStringField("endpoint").
		Description("Allows you to specify a custom endpoint for the AWS API.").
		Default("").Advanced()

	// Children of the `credentials` object, in declaration order.
	credentialChildren := []*service.ConfigField{
		service.NewStringField("profile").
			Description("A profile from `~/.aws/credentials` to use.").
			Default(""),
		service.NewStringField("id").
			Description("The ID of credentials to use.").
			Default("").Advanced(),
		service.NewStringField("secret").
			Description("The secret for the credentials being used.").
			Default("").Advanced(),
		service.NewStringField("token").
			Description("The token for the credentials being used, required when using short term credentials.").
			Default("").Advanced(),
		service.NewStringField("role").
			Description("A role ARN to assume.").
			Default("").Advanced(),
		service.NewStringField("role_external_id").
			Description("An external ID to provide when assuming a role.").
			Default("").Advanced(),
	}

	credentialsField := service.NewObjectField("credentials", credentialChildren...).
		Description("Optional manual configuration of AWS credentials to use. More information can be found [in this document](/docs/guides/cloud/aws).")

	return []*service.ConfigField{regionField, endpointField, credentialsField}
}
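// getSession builds an AWS SDK session from the fields declared by
// sessionFields.
//
// Credentials are chosen in a fixed order: a non-empty `credentials.profile`
// wins; otherwise a non-empty `credentials.id` selects static credentials;
// otherwise nothing is set on the config and credential resolution is left to
// the SDK. When a profile is set, id/secret/token are silently ignored.
//
// opts are applied after the config fields, so a caller-supplied option can
// override anything configured here, including the credentials.
//
// When `credentials.role` is set, the session's credentials are replaced by
// an assume-role provider that uses the session built so far as its base
// identity. `credentials.role_external_id` is attached only when non-empty;
// for a role owned by another account, the role's trust policy should
// require that external ID so the role cannot be assumed on behalf of a
// different tenant.
//
// It returns credentials.ErrStaticCredentialsEmpty when an id is configured
// without a secret, and otherwise any error from session.NewSession.
func getSession(parsedConf *service.ParsedConfig, opts ...func(*aws.Config)) (*session.Session, error) {
	// Field lookup errors are ignored throughout, so a field that cannot be
	// read is treated as unset.
	// NOTE(review): confirm every spec passed in includes sessionFields(),
	// otherwise a missing role field falls back to the base credentials.
	awsConf := aws.NewConfig()

	if region, _ := parsedConf.FieldString("region"); region != "" {
		awsConf = awsConf.WithRegion(region)
	}
	if endpoint, _ := parsedConf.FieldString("endpoint"); endpoint != "" {
		awsConf = awsConf.WithEndpoint(endpoint)
	}

	if profile, _ := parsedConf.FieldString("credentials", "profile"); profile != "" {
		// The empty filename leaves the credentials file location to the SDK.
		awsConf = awsConf.WithCredentials(credentials.NewSharedCredentials("", profile))
	} else if id, _ := parsedConf.FieldString("credentials", "id"); id != "" {
		secret, _ := parsedConf.FieldString("credentials", "secret")
		if secret == "" {
			// A key ID without a secret can never sign a request. Report the
			// half-configured credential now instead of at the first API call.
			return nil, credentials.ErrStaticCredentialsEmpty
		}
		token, _ := parsedConf.FieldString("credentials", "token")
		awsConf = awsConf.WithCredentials(credentials.NewStaticCredentials(id, secret, token))
	}

	for _, opt := range opts {
		opt(awsConf)
	}

	sess, err := session.NewSession(awsConf)
	if err != nil {
		return nil, err
	}

	role, _ := parsedConf.FieldString("credentials", "role")
	if role == "" {
		return sess, nil
	}

	// Named roleOpts so it does not shadow the opts parameter.
	var roleOpts []func(*stscreds.AssumeRoleProvider)
	if externalID, _ := parsedConf.FieldString("credentials", "role_external_id"); externalID != "" {
		roleOpts = append(roleOpts, func(p *stscreds.AssumeRoleProvider) {
			p.ExternalID = aws.String(externalID)
		})
	}
	sess.Config = sess.Config.WithCredentials(
		stscreds.NewCredentials(sess, role, roleOpts...),
	)
	return sess, nil
}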