use IAM token if present

lib/simplex.ex

@@ -35,6 +35,10 @@ defmodule Simplex do
     GenServer.call(simplex, {:set_aws_secret_access_key, secret_access_key})
   end
 
+  def aws_credentials(simplex) do
+    GenServer.call(simplex, :get_aws_credentials)
+  end
+
   def simpledb_url(simplex) do
     GenServer.call(simplex, :get_simpledb_url)
   end
@@ -75,7 +79,8 @@ defmodule Simplex do
     update = %{
       :aws_access_key        => credentials_from_metadata["AccessKeyId"],
       :aws_secret_access_key => credentials_from_metadata["SecretAccessKey"],
-      :expires_at            => credentials_from_metadata["Expiration"]
+      :expires_at            => credentials_from_metadata["Expiration"],
+      :token                 => credentials_from_metadata["Token"]
     }
     Map.merge(config, update)
   end
@@ -106,6 +111,10 @@ defmodule Simplex do
     end
   end
 
+  def handle_call(:get_aws_credentials, _from, config) do
+    {:reply, Map.take(config, [:aws_access_key, :aws_secret_access_key, :token]), config}
+  end
+
   def handle_call(:get_simpledb_url, _from, config) do
     {:reply, config[:simpledb_url], config}
   end
@@ -114,13 +123,15 @@ defmodule Simplex do
     config = config
              |> Map.put(:aws_access_key, access_key)
              |> Map.delete(:expires_at)
+             |> Map.delete(:token)
     {:reply, config[:aws_access_key], config}
   end
 
   def handle_call({:set_aws_secret_access_key, secret_access_key}, _from, config) do
     config = config
              |> Map.put(:aws_secret_access_key, secret_access_key)
              |> Map.delete(:expires_at)
+             |> Map.delete(:token)
     {:reply, config[:aws_secret_access_key], config}
   end
 

lib/simplex/request.ex

@@ -3,21 +3,21 @@ defmodule Simplex.Request do
   alias Simplex.Response
   use Timex
 
-  def get(params, config) do
-    response = Simplex.simpledb_url(config)
-               |> signed(params, config)
+  def get(params, simplex) do
+    response = Simplex.simpledb_url(simplex)
+               |> signed(params, Simplex.aws_credentials(simplex))
                |> HTTPoison.get
     Response.handle(params["Action"], response)
   end
 
-  def signed(url, params, config) do
+  def signed(url, params, aws_credentials) do
     uri = URI.parse(url)
 
-    query = query_string(params, config)
+    query = query_string(params, aws_credentials)
 
     request = Enum.join(["GET", uri.host, uri.path || "/", query], "\n")
 
-    signature = :crypto.hmac(:sha256, String.to_char_list(Simplex.aws_secret_access_key(config)), String.to_char_list(request))
+    signature = :crypto.hmac(:sha256, String.to_char_list(aws_credentials[:aws_secret_access_key]), String.to_char_list(request))
                 |> :base64.encode
                 |> URI.encode
                 |> String.replace("/", "%2F")
@@ -27,17 +27,29 @@ defmodule Simplex.Request do
     "#{uri.scheme}://#{uri.authority}#{uri.path || "/"}?#{query}&Signature=#{signature}"
   end
 
-  defp auth_params(config) do
+  defp auth_params(%{token: token} = aws_credentials) do
     [
-      AWSAccessKeyId: Simplex.aws_access_key(config),
+      AWSAccessKeyId: aws_credentials[:aws_access_key],
+      SignatureVersion: 2,
+      SignatureMethod: "HmacSHA256",
+      Timestamp: DateFormat.format!(Date.now, "{ISOz}"),
+      SecurityToken: token
+    ]
+  end
+
+  defp auth_params(aws_credentials) do
+    [
+      AWSAccessKeyId: aws_credentials[:aws_access_key],
       SignatureVersion: 2,
       SignatureMethod: "HmacSHA256",
       Timestamp: DateFormat.format!(Date.now, "{ISOz}")
     ]
   end
 
-  defp query_string(params, config) do
-    Parameters.from_map(params) ++ [{:Version, "2009-04-15"}] ++ auth_params(config)
+
+
+  defp query_string(params, aws_credentials) do
+    Parameters.from_map(params) ++ [{:Version, "2009-04-15"}] ++ auth_params(aws_credentials)
     |> Enum.sort
     |> URI.encode_query
     |> String.replace("+", "%20")