rahulpsd18 · rahulpsd18 · Jul 9, 2020 · Apr 10, 2020 · Apr 11, 2020 · Apr 11, 2020
diff --git a/README.md b/README.md
@@ -69,6 +69,10 @@ cbr <command> [options]
 > `--aws-secret-key` `--secret`: The AWS Secret Key to use. Not to be passed when using `--profile`.
 >
 > `--delay`: delay in millis between alternate users batch(60) backup, to avoid rate limit error.
+>
+> `--use-env-vars`: Use AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN (optional) as environment variables
+>
+> `--use-ec2-metadata`: Use credentials received from the metadata service on an EC2 instance
 
 ![Image showing CLI Usage](gifs/demo.png "CLI Usage")
 

diff --git a/src/cli/args.ts b/src/cli/args.ts
@@ -91,6 +91,16 @@ export const argv = yargs
         describe: dimmed`delay in millis between alternate users batch(60) backup, to avoid rate limit error`,
         number: true
     })
+    .option('use-ec2-metadata', {
+        alias: ['metadata'],
+        describe: dimmed`Use iam role in ec2 instance.`,
+        type: 'boolean'
+    })
+    .option('use-env-vars', {
+        alias: ['env'],
+        describe: dimmed`Use credentials from environment variables.`,
+        type: 'boolean'
+    })
 
     // help
     .help('help', dimmed`Show help`)

diff --git a/src/cli/cli.ts b/src/cli/cli.ts
@@ -14,7 +14,7 @@ const orange = chalk.keyword('orange');
 (async () => {
     let spinner = ora({ spinner: 'dots4', hideCursor: true });
     try {
-        const { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath, delay } = await options;
+        const { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath, delay, metadata, env} = await options;
 
         // update the config of aws-sdk based on profile/credentials passed
         AWS.config.update({ region });
@@ -25,7 +25,11 @@ const orange = chalk.keyword('orange');
             AWS.config.credentials = new AWS.Credentials({
                 accessKeyId: key, secretAccessKey: secret
             });
-        }
+        } else if (env) {
+            AWS.config.credentials = new AWS.EnvironmentCredentials('AWS');
+        } else if (metadata) {
+            AWS.config.credentials = new AWS.EC2MetadataCredentials({});
+        } 
 
         const cognitoISP = new AWS.CognitoIdentityServiceProvider();
 

diff --git a/src/cli/options.ts b/src/cli/options.ts
@@ -9,16 +9,6 @@ inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'))
 inquirer.registerPrompt('filePath', require('inquirer-file-path'));
 
 const greenify = chalk.green;
-const credentials = new AWS.IniLoader().loadFrom({});
-const savedAWSProfiles = Object.keys(credentials);
-
-const searchAWSProfile = async (_: never, input: string) => {
-    input = input || '';
-    const fuzzyResult = fuzzy.filter(input, savedAWSProfiles);
-    return fuzzyResult.map(el => {
-        return el.original;
-    });
-};
 
 const searchCognitoRegion = async (_: never, input: string) => {
     input = input || '';
@@ -42,7 +32,7 @@ const searchCognitoRegion = async (_: never, input: string) => {
 };
 
 const verifyOptions = async () => {
-    let { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath, delay } = argv;
+    let { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath, delay, metadata, env } = argv;
 
     // choose the mode if not passed through CLI or invalid is passed
     if (!mode || !['restore', 'backup'].includes(mode)) {
@@ -56,19 +46,30 @@ const verifyOptions = async () => {
         mode = modeChoice.selected.toLowerCase();
     }
 
-    // choose your profile from available AWS profiles if not passed through CLI
-    // only shown in case when no valid profile or no key && secret is passed.
-    if (!savedAWSProfiles.includes(profile) && (!key || !secret)) {
-        const awsProfileChoice = await inquirer.prompt({
-            type: 'autocomplete',
-            name: 'selected',
-            message: 'Choose your AWS Profile',
-            source: searchAWSProfile,
-        } as inquirer.Question);
-
-        profile = awsProfileChoice.selected;
-    };
+    if (!metadata && !env) {
+        const credentials = new AWS.IniLoader().loadFrom({});
+        const savedAWSProfiles = Object.keys(credentials);
 
+        const searchAWSProfile = async (_: never, input: string) => {
+            input = input || '';
+            const fuzzyResult = fuzzy.filter(input, savedAWSProfiles);
+            return fuzzyResult.map(el => {
+                return el.original;
+            });
+        };
+        // choose your profile from available AWS profiles if not passed through CLI
+        // only shown in case when no valid profile or no key && secret is passed.
+        if (!savedAWSProfiles.includes(profile) && (!key || !secret)) {
+            const awsProfileChoice = await inquirer.prompt({
+                type: 'autocomplete',
+                name: 'selected',
+                message: 'Choose your AWS Profile',
+                source: searchAWSProfile,
+            } as inquirer.Question);
+
+            profile = awsProfileChoice.selected;
+        };
+    }
     // choose your region if not passed through CLI
     if (!region) {
         const awsRegionChoice = await inquirer.prompt({
@@ -91,7 +92,11 @@ const verifyOptions = async () => {
             AWS.config.credentials = new AWS.Credentials({
                 accessKeyId: key, secretAccessKey: secret
             });
-        }
+        } else if (env) {
+            AWS.config.credentials = new AWS.EnvironmentCredentials('AWS');
+        } else if (metadata) {
+            AWS.config.credentials = new AWS.EC2MetadataCredentials({});
+        } 
 
         const cognitoISP = new AWS.CognitoIdentityServiceProvider();
         const { UserPools } = await cognitoISP.listUserPools({ MaxResults: 60 }).promise();
@@ -158,7 +163,7 @@ const verifyOptions = async () => {
             throw Error(`Cannot load password module path "${passwordModulePath}".`);
         }
     }
-    return { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath, delay }
+    return { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath, delay, metadata, env }
 };