feat: refresh AWS credentials periodically (#31)

api/api.go

@@ -34,6 +34,7 @@ func New(ctx context.Context, logger *zap.Logger, cfg Config) (*Api, error) {
 	}
 	// Refresh endpoints periodically
 	br.RefreshEndpointsPeriodically(ctx)
+	br.RefreshAWSCredentialsPeriodically(ctx, logger)
 
 	return &Api{
 		logger: logger,

boltrouter/aws_credentials_client.go

@@ -4,9 +4,11 @@ import (
 	"context"
 	"fmt"
 	"sync"
+	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
+	"go.uber.org/zap"
 )
 
 // awsCredentialsMap is used to cache aws credentials for a given region.
@@ -17,7 +19,6 @@ func getAwsCredentialsFromRegion(ctx context.Context, region string) (aws.Creden
 	if awsCred, ok := awsCredentialsMap.Load(region); ok {
 		return awsCred.(aws.Credentials), nil
 	}
-
 	return newAwsCredentialsFromRegion(ctx, region)
 }
 
@@ -32,6 +33,42 @@ func newAwsCredentialsFromRegion(ctx context.Context, region string) (aws.Creden
 	if err != nil {
 		return aws.Credentials{}, fmt.Errorf("could not retrieve aws credentials: %w", err)
 	}
+
 	awsCredentialsMap.Store(awsConfig.Region, cred)
 	return cred, nil
 }
+
+func refreshAWSCredentials(ctx context.Context, logger *zap.Logger) {
+
+	awsCredentialsMap.Range(func(key, value interface{}) bool {
+		region := key.(string)
+		cred := value.(aws.Credentials)
+
+		if cred.CanExpire {
+			// if credential can expire, get new credentials for the region
+			refreshedCreds, err := newAwsCredentialsFromRegion(ctx, region)
+			if err != nil {
+				logger.Error(fmt.Sprintf("aws credential refresh failed for region %s", region), zap.Error(err))
+				return true
+			}
+			awsCredentialsMap.Store(region, refreshedCreds)
+		}
+		return true
+	})
+}
+
+func (br *BoltRouter) RefreshAWSCredentialsPeriodically(ctx context.Context, logger *zap.Logger) {
+	ticker := time.NewTicker(30 * time.Minute)
+
+	go func() {
+		for {
+			select {
+			case <-ctx.Done():
+				ticker.Stop()
+				return
+			case <-ticker.C:
+				refreshAWSCredentials(ctx, logger)
+			}
+		}
+	}()
+}