backsaws

A backsaw is a hand saw with a reinforced back, typically for precision cuts. backsaws is a set of utilities for Cognitect AWS API. Backports from a future that never was, for the Cognitect AWS API. Get it?

Installation

Add the most recent git sha to deps.edn:

com.latacora/backsaws
{:git/url "https://github.com/latacora/backsaws.git"
 :git/sha "updateme"}

Pagination

Figures out how to paginate an API and do it automagically.

(require '[com.latacora.backsaws.pagination :refer [paginated-invoke]])

(paginated-invoke
  (aws/client {:api :organizations})
  {:op :ListAccountsForParent
   :request {:ParentId "ou-xyzzy"}})

aws-vault CredentialsProvider

A CredentialsProvider backed by aws-vault.

(require '[com.latacora.backsaws.credentials-providers :as cp])

(def provider
  ;; Either specify a profile name or let the provider get it from either the environment
  ;; variable `AWS_PROFILE` the Java system property `aws.profile` *or* fall back to `default`
  (if-let [profile-name (config/get :aws-profile-name)]
    (cp/aws-vault-provider profile-name)
    (cp/aws-vault-provider))

;; Include the provider in the config when creating a client
(def client (aws/client {:api :s3 :credentials-provider provider}))

;; Use the client normally
(aws/invoke client {:op :ListBuckets})

credential_process CredentialsProvider

A CredentialsProvider that supports credential_process.

This requires the active AWS CLI profile (which could be default) to have the key credential_process set to a command that this provider can invoke to get valid credentials.

(require '[com.latacora.backsaws.credentials-providers :as cp])

(def provider
  ;; Either specify a profile name or let the provider get it from either the environment
  ;; variable `AWS_PROFILE` the Java system property `aws.profile` *or* fall back to `default`
  (if-let [profile-name (config/get :aws-profile-name)]
    (cp/credential-process-provider profile-name)
    (cp/credential-process-provider))

;; Include the provider in the config when creating a client
(def client (aws/client {:api :s3 :credentials-provider provider}))

;; Use the client normally
(aws/invoke client {:op :ListBuckets})

This has been tested with aws-sso-util — specifically with its command credential-process.

Chaining CredentialsProviders

If you’d like your program to look for credentials in various places just like aws-api does by default, only you’d like it to also look at aws-vault and/or credential_process using one or both of the CredentialProviders above, you can accomplish this via chain-credentials-provider:

(require '[cognitect.aws.client.api :as aws]
         '[cognitect.aws.credentials :as creds]
         '[com.latacora.backsaws.credentials-providers :as cp])

(def provider
  (let [http-client (aws/default-http-client)]
    (creds/chain-credentials-provider
     [(creds/environment-credentials-provider)
      (creds/system-property-credentials-provider)
      (creds/profile-credentials-provider)
      (creds/container-credentials-provider http-client)
      (creds/instance-profile-credentials-provider http-client)
      (cp/aws-vault-provider)
      (cp/credential-process-provider)])))

You can rearrange those entries into whatever order you’d like, remove any of those, etc.

Development

Run the tests:

bin/test

Run tests, linters etc for CI:

clojure -A:deps -T:build ci

Deploy to Clojars:

clojure -A:deps -T:build deploy

License

Copyright © Latacora

Distributed under the Eclipse Public License version 1.0.