Switch RoleしてS3にアクセスできるようにする

README.md

@@ -39,6 +39,7 @@ Whether it's for verifying the file structure, sharing the structure with your t
 - **Colorized Output**: By default, `stree` provides a colorized tree structure, making it easy to differentiate between directories and files at a glance. This feature can be turned off with the `-n` or `--no-color` flag.
 - **LocalStack Support**: `stree` supports local testing with LocalStack, a fully functional local AWS cloud stack, thanks to the `--local` and `--endpoint-url` flags.
 - **Custom AWS Profile and Region**: Specify the AWS profile and region with the `--profile` and `--region` flags to override the default settings as needed.
+- **Switch Role Support**: Specify ARN of the role that can access the target S3 bucket with the `--switch-role` flag.
 - **Ease of Installation**: Install `stree` via Go, Homebrew, or by downloading the latest compiled binaries from the GitHub releases page.
 
 # Install
@@ -197,6 +198,7 @@ Flags:
   -n, --no-color              Disable colorized output
   -p, --profile string        AWS profile to use (default "local")
   -r, --region string         AWS region to use (overrides the region specified in the profile)
+  -s, --switch-role string    Switch to ARN of the Role that can access the target S3 bucket
   -v, --version               version for stree
 ```
 

cmd/root.go

@@ -44,6 +44,7 @@ var (
 	endpointURL string
 	local       bool
 	noColor     bool
+	switchRole  string
 )
 
 var rootCmd = &cobra.Command{
@@ -57,6 +58,7 @@ var rootCmd = &cobra.Command{
 			AwsRegion:   awsRegion,
 			EndpointURL: endpointURL,
 			Local:       local,
+			SwitchRole:  switchRole,
 		}
 
 		s3Svc := pkg.InitializeAWSSession(s3Config)
@@ -103,6 +105,7 @@ func init() {
 	rootCmd.Flags().StringVarP(&endpointURL, "endpoint-url", "e", "", "AWS endpoint URL to use (useful for local testing with LocalStack)")
 	rootCmd.Flags().BoolVarP(&local, "local", "l", false, "Use LocalStack configuration")
 	rootCmd.Flags().BoolVarP(&noColor, "no-color", "n", false, "Disable colorized output")
+	rootCmd.Flags().StringVarP(&switchRole, "switch-role", "s", "", "Switch to ARN of the Role that can access the target S3 bucket")
 }
 
 func extractBucketAndPrefix(input string) (string, string, error) {

pkg/s3.go

@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/s3"
 )
@@ -15,6 +16,7 @@ type S3Config struct {
 	AwsRegion   string
 	EndpointURL string
 	Local       bool
+	SwitchRole  string
 }
 
 // InitializeAWSSession returns an AWS session based on the provided configuration
@@ -49,6 +51,11 @@ func InitializeAWSSession(config S3Config) *s3.S3 {
 		sessOptions.Config.Region = aws.String(config.AwsRegion)
 	}
 	sess = session.Must(session.NewSessionWithOptions(sessOptions))
+
+	if config.SwitchRole != "" {
+		return s3.New(sess, &aws.Config{Credentials: stscreds.NewCredentials(sess, config.SwitchRole)})
+	}
+
 	return s3.New(sess)
 }