This repository has been archived by the owner on Feb 18, 2023. It is now read-only.
package internal
import (
"fmt"
"os"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
)
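// SetEvn exports the role credentials into this process's environment so that
// commands and subshells started afterwards inherit them.
//
// The credential values are deliberately never written to stdout or stderr:
// the access key, secret key and session token are secrets, and anything
// printed here can end up in terminal scrollback, CI logs or shell captures.
// A nil c, or one with a nil field, is reported on stderr and leaves the
// environment untouched instead of panicking on a nil dereference.
func SetEvn(c *sts.Credentials) {
	if c == nil || c.AccessKeyId == nil || c.SecretAccessKey == nil || c.SessionToken == nil {
		fmt.Fprintln(os.Stderr, "SetEvn: incomplete credentials, environment not modified")
		return
	}

	vars := []struct{ name, value string }{
		{"AWS_ACCESS_KEY_ID", *c.AccessKeyId},
		{"AWS_SECRET_ACCESS_KEY", *c.SecretAccessKey},
		{"AWS_SESSION_TOKEN", *c.SessionToken},
	}
	for _, v := range vars {
		if err := os.Setenv(v.name, v.value); err != nil {
			// Report the variable name only; the value is a secret.
			fmt.Fprintf(os.Stderr, "SetEvn: setting %s: %v\n", v.name, err)
		}
	}
}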
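// SourceableBashEnv prints export statements for the credentials on stdout.
// The output is meant to be evaluated by the parent shell, e.g.
// eval "$(command)", so each value is emitted as a single-quoted shell word:
// inside single quotes the shell performs no expansion, so a value containing
// `"`, `$` or a backtick cannot terminate the string or run a command when the
// output is evaluated.
//
// The values are secrets; stdout should go to the evaluating shell only, not
// to a log or a terminal. A nil c, or one with a nil field, prints nothing on
// stdout and reports the problem on stderr.
func SourceableBashEnv(c *sts.Credentials) {
	if c == nil || c.AccessKeyId == nil || c.SecretAccessKey == nil || c.SessionToken == nil {
		fmt.Fprintln(os.Stderr, "SourceableBashEnv: incomplete credentials, nothing printed")
		return
	}

	fmt.Printf("export AWS_ACCESS_KEY_ID=%s\n", shellSingleQuote(*c.AccessKeyId))
	fmt.Printf("export AWS_SECRET_ACCESS_KEY=%s\n", shellSingleQuote(*c.SecretAccessKey))
	fmt.Printf("export AWS_SESSION_TOKEN=%s\n", shellSingleQuote(*c.SessionToken))
}

// shellSingleQuote wraps s in single quotes for a POSIX shell, rewriting each
// embedded single quote as '\'' (close quote, escaped quote, reopen quote).
func shellSingleQuote(s string) string {
	quoted := make([]byte, 0, len(s)+2)
	quoted = append(quoted, '\'')
	for i := 0; i < len(s); i++ {
		if s[i] == '\'' {
			quoted = append(quoted, `'\''`...)
			continue
		}
		quoted = append(quoted, s[i])
	}
	quoted = append(quoted, '\'')
	return string(quoted)
}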
// SourceableUnsetBashEnv writes one `unset` statement per AWS credential
// variable to stdout. Evaluating the output in the parent shell, e.g.
// eval "$(command)", removes the access key, secret key and session token
// from that shell's environment.
func SourceableUnsetBashEnv() {
	for _, name := range []string{
		"AWS_ACCESS_KEY_ID",
		"AWS_SECRET_ACCESS_KEY",
		"AWS_SESSION_TOKEN",
	} {
		fmt.Println("unset " + name)
	}
}
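// AssumeRole requests temporary credentials for roleArn from STS, labelling
// the session with sessionName.
//
// The caller's own identity comes from the SDK's default credential chain with
// shared config enabled (environment, shared credentials file such as
// ~/.aws/credentials, or an EC2 instance role). A non-empty region overrides
// the region the SDK would otherwise resolve; an empty region leaves region
// resolution to the SDK.
//
// Only RoleArn and RoleSessionName are set on the request, so the session
// duration is whatever STS applies by default and no external ID or session
// policy is sent.
func AssumeRole(region string, roleArn string, sessionName string) (*sts.Credentials, error) {
	opts := session.Options{
		SharedConfigState: session.SharedConfigEnable,
	}
	// Honour the explicit region argument instead of silently ignoring it.
	if region != "" {
		opts.Config.Region = aws.String(region)
	}

	sess, err := session.NewSessionWithOptions(opts)
	if err != nil {
		return nil, err
	}

	input := &sts.AssumeRoleInput{
		RoleArn:         aws.String(roleArn),
		RoleSessionName: aws.String(sessionName),
	}

	// Errors are returned unwrapped so callers can still inspect the SDK's
	// error type.
	out, err := sts.New(sess).AssumeRole(input)
	if err != nil {
		return nil, err
	}
	return out.Credentials, nil
}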
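// AssumeRoleViaProfile resolves credentials for the named profile through the
// SDK session (shared config enabled) and returns them as *sts.Credentials.
//
// The SDK's default credential chain applies: environment, shared credentials
// file (~/.aws/credentials) or EC2 instance role. A failure to resolve
// credentials is returned as an error; without that check the caller would
// receive a credentials value with empty fields and a nil error.
//
// Only the access key, secret key and session token are copied; Expiration is
// left unset on the returned value.
func AssumeRoleViaProfile(profile string) (*sts.Credentials, error) {
	sess, err := session.NewSessionWithOptions(session.Options{
		Profile:           profile,
		SharedConfigState: session.SharedConfigEnable,
	})
	if err != nil {
		return nil, err
	}

	value, err := sess.Config.Credentials.Get()
	if err != nil {
		return nil, err
	}

	// Convert the SDK's credentials.Value into the sts.Credentials shape the
	// rest of this package works with.
	return &sts.Credentials{
		AccessKeyId:     aws.String(value.AccessKeyID),
		SecretAccessKey: aws.String(value.SecretAccessKey),
		SessionToken:    aws.String(value.SessionToken),
	}, nil
}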