scribd · Neurostep · Nov 26, 2025 · Nov 26, 2025
@@ -6,7 +6,6 @@ require (
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/DATA-DOG/go-txdb v0.2.1
 	github.com/DataDog/datadog-go v4.8.3+incompatible
-	github.com/aws/aws-sdk-go v1.55.8
 	github.com/aws/aws-sdk-go-v2 v1.38.3
 	github.com/aws/aws-sdk-go-v2/config v1.31.6
 	github.com/aws/aws-sdk-go-v2/credentials v1.18.10
@@ -53,7 +52,6 @@ require (
 	github.com/DataDog/datadog-agent/pkg/version v0.67.0 // indirect
 	github.com/DataDog/datadog-go/v5 v5.6.0 // indirect
 	github.com/DataDog/dd-trace-go/contrib/aws/aws-sdk-go-v2/v2 v2.2.2 // indirect
-	github.com/DataDog/dd-trace-go/contrib/aws/aws-sdk-go/v2 v2.2.2 // indirect
 	github.com/DataDog/dd-trace-go/contrib/database/sql/v2 v2.2.2 // indirect
 	github.com/DataDog/dd-trace-go/contrib/google.golang.org/grpc/v2 v2.2.2 // indirect
 	github.com/DataDog/dd-trace-go/contrib/gorilla/mux/v2 v2.2.2 // indirect
@@ -110,7 +108,6 @@ require (
 	github.com/jackc/pgx/v5 v5.7.4 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect

@@ -30,8 +30,6 @@ github.com/DataDog/datadog-go/v5 v5.6.0 h1:2oCLxjF/4htd55piM75baflj/KoE6VYS7alEU
 github.com/DataDog/datadog-go/v5 v5.6.0/go.mod h1:K9kcYBlxkcPP8tvvjZZKs/m1edNAUFzBbdpTUKfCsuw=
 github.com/DataDog/dd-trace-go/contrib/aws/aws-sdk-go-v2/v2 v2.2.2 h1:Ui/Ytb7rT+Pr2dIFGXb7dNLmwTeQl5zRwg2noN7qjpo=
 github.com/DataDog/dd-trace-go/contrib/aws/aws-sdk-go-v2/v2 v2.2.2/go.mod h1:QQYz/5MTt1raCPrKvMB58BWaoLnzibVs+2/kkK7YqCY=
-github.com/DataDog/dd-trace-go/contrib/aws/aws-sdk-go/v2 v2.2.2 h1:X43tCYW9O7N+BOhKkxpHgd8vpH18DwSaGLdqkKwI6Do=
-github.com/DataDog/dd-trace-go/contrib/aws/aws-sdk-go/v2 v2.2.2/go.mod h1:pIfkPoAckG3upL1k8qpS5JP+d5WAAmQruVVLROPbT+E=
 github.com/DataDog/dd-trace-go/contrib/database/sql/v2 v2.2.2 h1:ZXgDhQiNfact4mdfO/Ku3snpN1/lybxiMkO+hMb70jg=
 github.com/DataDog/dd-trace-go/contrib/database/sql/v2 v2.2.2/go.mod h1:ys6rzOgXWXVo19xOK7Nvb9yu5Ma+mMHNkySZKOwu9Nw=
 github.com/DataDog/dd-trace-go/contrib/google.golang.org/grpc/v2 v2.2.2 h1:P/gnJUX8KBWxOozGr8g+ziE6w4DLNGYageI9eu7xhsk=
@@ -67,8 +65,6 @@ github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lpr
 github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ=
-github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk=
 github.com/aws/aws-sdk-go-v2 v1.38.3 h1:B6cV4oxnMs45fql4yRH+/Po/YU+597zgWqvDpYMturk=
 github.com/aws/aws-sdk-go-v2 v1.38.3/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 h1:i8p8P4diljCr60PpJp6qZXNlgX4m2yQFpYk+9ZT+J4E=
@@ -238,10 +234,6 @@ github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=

@@ -4,10 +4,8 @@ import (
 	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
-	awssession "github.com/aws/aws-sdk-go/aws/session"
 
 	awstracev2 "gopkg.in/DataDog/dd-trace-go.v1/contrib/aws/aws-sdk-go-v2/aws"
-	awstrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/aws/aws-sdk-go/aws"
 )
 
 // Settings stores DataDog instrumentation settings.
@@ -17,18 +15,6 @@ type Settings struct {
 	AnalyticsRate float64
 }
 
-// InstrumentAWSSession configures DD tracing mode.
-//
-// Deprecated: Use InstrumentAWSClient instead.
-func InstrumentAWSSession(session *awssession.Session, settings Settings) *awssession.Session {
-	return awstrace.WrapSession(
-		session,
-		awstrace.WithServiceName(fmt.Sprintf("%s-aws", settings.AppName)),
-		awstrace.WithAnalytics(settings.Analytics),
-		awstrace.WithAnalyticsRate(settings.AnalyticsRate),
-	)
-}
-
 // InstrumentAWSClient configures DD tracing mode.
 func InstrumentAWSClient(cfg *aws.Config, settings Settings) {
 	awstracev2.AppendMiddleware(

@@ -5,14 +5,9 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/s3"
-
-	awsv2 "github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awscfg "github.com/aws/aws-sdk-go-v2/config"
-	awss3v2 "github.com/aws/aws-sdk-go-v2/service/s3"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
 	smithyendpoints "github.com/aws/smithy-go/endpoints"
 
 	"github.com/stretchr/testify/assert"
@@ -28,7 +23,7 @@ type (
 )
 
 func (t testCustomResolver) ResolveEndpoint(
-	ctx context.Context, params awss3v2.EndpointParameters) (smithyendpoints.Endpoint, error) {
+	ctx context.Context, params s3.EndpointParameters) (smithyendpoints.Endpoint, error) {
 	uri, err := url.Parse("http://localhost:4566")
 	if err != nil {
 		return smithyendpoints.Endpoint{}, err
@@ -40,57 +35,11 @@ func (t testCustomResolver) ResolveEndpoint(
 
 }
 
-func TestInstrumentAWSSession(t *testing.T) {
-	cfg := aws.NewConfig().
-		WithRegion("us-west-2").
-		WithDisableSSL(true).
-		WithCredentials(credentials.AnonymousCredentials)
-
-	sess := session.Must(session.NewSession(cfg))
-	sess = InstrumentAWSSession(sess, Settings{AppName: "testApp"})
-
-	var (
-		tagAWSAgent     = "aws.agent"
-		tagAWSOperation = "aws.operation"
-		tagAWSRegion    = "aws.region"
-	)
-
-	t.Run("s3", func(t *testing.T) {
-		mt := mocktracer.Start()
-		defer mt.Stop()
-
-		root, ctx := tracer.StartSpanFromContext(context.Background(), "test")
-
-		s3api := s3.New(sess)
-		_, err := s3api.GetObjectWithContext(ctx, &s3.GetObjectInput{
-			Bucket: aws.String("test-bucket-name"),
-			Key:    aws.String("//test//file//name"),
-		})
-
-		require.NotNil(t, err)
-		root.Finish()
-
-		spans := mt.FinishedSpans()
-		assert.Len(t, spans, 2)
-		assert.Equal(t, spans[1].TraceID(), spans[0].TraceID())
-
-		s := spans[0]
-		assert.Equal(t, "s3.command", s.OperationName())
-		assert.Contains(t, s.Tag(tagAWSAgent), "aws-sdk-go")
-		assert.Equal(t, "GetObject", s.Tag(tagAWSOperation))
-		assert.Equal(t, "us-west-2", s.Tag(tagAWSRegion))
-		assert.Equal(t, "s3.GetObject", s.Tag(ext.ResourceName))
-		assert.Equal(t, "testApp-aws", s.Tag(ext.ServiceName))
-		assert.Equal(t, "GET", s.Tag(ext.HTTPMethod))
-		assert.Equal(t, "http://test-bucket-name.s3.us-west-2.amazonaws.com/test/file/name", s.Tag(ext.HTTPURL))
-	})
-}
-
 func TestInstrumentAWSClient(t *testing.T) {
 	cfg, err := awscfg.LoadDefaultConfig(
 		context.Background(),
 		awscfg.WithRegion("us-west-2"),
-		awscfg.WithCredentialsProvider(awsv2.AnonymousCredentials{}),
+		awscfg.WithCredentialsProvider(aws.AnonymousCredentials{}),
 	)
 	require.NoError(t, err)
 
@@ -106,10 +55,10 @@ func TestInstrumentAWSClient(t *testing.T) {
 		mt := mocktracer.Start()
 		defer mt.Stop()
 
-		client := awss3v2.NewFromConfig(cfg, awss3v2.WithEndpointResolverV2(&testCustomResolver{}))
+		client := s3.NewFromConfig(cfg, s3.WithEndpointResolverV2(&testCustomResolver{}))
 		root, ctx := tracer.StartSpanFromContext(context.Background(), "test")
 
-		_, err := client.GetObject(ctx, &awss3v2.GetObjectInput{
+		_, err := client.GetObject(ctx, &s3.GetObjectInput{
 			Bucket: aws.String("test-bucket-name"),
 			Key:    aws.String("//test//file//name"),
 		})

@@ -7,13 +7,10 @@ import (
 	"net"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/sts"
-	"github.com/twmb/franz-go/pkg/kgo"
-
 	"github.com/aws/aws-sdk-go-v2/aws"
-	stsv2 "github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
 
+	"github.com/twmb/franz-go/pkg/kgo"
 	awssasl "github.com/twmb/franz-go/pkg/sasl/aws"
 	"github.com/twmb/franz-go/pkg/sasl/plain"
 
@@ -27,10 +24,6 @@ type Config struct {
 	ApplicationName string
 	// Kafka configuration provided by go-sdk
 	KafkaConfig pubsub.Kafka
-	// AWS session reference, it will be used in case AWS MSK IAM authentication mechanism is used
-	//
-	// Deprecated: Use AwsConfig instead
-	AwsSession *session.Session
 	// MsgHandler is a function that will be called when a message is received
 	MsgHandler MsgHandler
 	// AWS configuration reference, it will be used in case AWS MSK IAM authentication mechanism is used
@@ -51,7 +44,7 @@ func newConfig(c Config, opts ...kgo.Opt) ([]kgo.Opt, error) {
 		case pubsub.Plain:
 			options = append(options, getPlainSaslOption(c.KafkaConfig.SASL))
 		case pubsub.AWSMskIam:
-			options = append(options, getAwsMskIamSaslOption(c.KafkaConfig.SASL.AWSMskIam, c.AwsSession, c.AwsConfig))
+			options = append(options, getAwsMskIamSaslOption(c.KafkaConfig.SASL.AWSMskIam, c.AwsConfig))
 		}
 	}
 
@@ -109,11 +102,11 @@ func getPlainSaslOption(saslConf pubsub.SASL) kgo.Opt {
 	}.AsMechanism())
 }
 
-func getAwsMskIamSaslOption(iamConf pubsub.SASLAwsMskIam, s *session.Session, awsCfg *aws.Config) kgo.Opt {
+func getAwsMskIamSaslOption(iamConf pubsub.SASLAwsMskIam, awsCfg *aws.Config) kgo.Opt {
 	var opt kgo.Opt
 
 	// no AWS session and AWS config provided
-	if s == nil && awsCfg == nil {
+	if awsCfg == nil {
 		opt = kgo.SASL(awssasl.Auth{
 			AccessKey:    iamConf.AccessKey,
 			SecretKey:    iamConf.SecretKey,
@@ -123,10 +116,6 @@ func getAwsMskIamSaslOption(iamConf pubsub.SASLAwsMskIam, s *session.Session, aw
 	} else {
 		opt = kgo.SASL(
 			awssasl.ManagedStreamingIAM(func(ctx context.Context) (awssasl.Auth, error) {
-				if s != nil {
-					return getAwsSaslAuthFromSession(iamConf, s)
-				}
-
 				return getAwsSaslAuthFromConfig(ctx, iamConf, awsCfg)
 			}),
 		)
@@ -135,40 +124,6 @@ func getAwsMskIamSaslOption(iamConf pubsub.SASLAwsMskIam, s *session.Session, aw
 	return opt
 }
 
-func getAwsSaslAuthFromSession(iamConf pubsub.SASLAwsMskIam, s *session.Session) (awssasl.Auth, error) {
-	// If assumable role is not provided, we try to get credentials from the provided AWS session
-	if iamConf.AssumableRole == "" {
-		val, err := s.Config.Credentials.Get()
-		if err != nil {
-			return awssasl.Auth{}, err
-		}
-
-		return awssasl.Auth{
-			AccessKey:    val.AccessKeyID,
-			SecretKey:    val.SecretAccessKey,
-			SessionToken: val.SessionToken,
-			UserAgent:    iamConf.UserAgent,
-		}, nil
-	}
-
-	svc := sts.New(s)
-
-	res, stsErr := svc.AssumeRole(&sts.AssumeRoleInput{
-		RoleArn:         &iamConf.AssumableRole,
-		RoleSessionName: &iamConf.SessionName,
-	})
-	if stsErr != nil {
-		return awssasl.Auth{}, stsErr
-	}
-
-	return awssasl.Auth{
-		AccessKey:    *res.Credentials.AccessKeyId,
-		SecretKey:    *res.Credentials.SecretAccessKey,
-		SessionToken: *res.Credentials.SessionToken,
-		UserAgent:    iamConf.UserAgent,
-	}, nil
-}
-
 func getAwsSaslAuthFromConfig(
 	ctx context.Context,
 	iamConf pubsub.SASLAwsMskIam,
@@ -188,9 +143,9 @@ func getAwsSaslAuthFromConfig(
 		}, nil
 	}
 
-	client := stsv2.NewFromConfig(*awsCfg)
+	client := sts.NewFromConfig(*awsCfg)
 
-	res, stsErr := client.AssumeRole(ctx, &stsv2.AssumeRoleInput{
+	res, stsErr := client.AssumeRole(ctx, &sts.AssumeRoleInput{
 		RoleArn:         &iamConf.AssumableRole,
 		RoleSessionName: &iamConf.SessionName,
 	})