This provides a credentials provider for https://github.com/aws/aws-sdk-go that reads from ~/.aws/config
. This
is in particular intended to help with assuming a role with MFA on.
# ~/.aws/credentials
[dev]
aws_access_key_id = <access key>
aws_secret_access_key = <secret key>
# ~/.aws/config
[profile prod]
role_arn = arn:aws:iam::<prod account id>:role/<cross account role>
source_profile = dev
mfa_serial = arn:aws:iam::<dev account id>:mfa/<device serial>
package main
import (
"fmt"
"log"
"time"
"github.com/Bowbaq/profilecreds"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/elasticbeanstalk"
)
func main() {
sess := session.New()
// Generate credentials that last 1 hour
profilecreds.DefaultDuration = 1 * time.Hour
// Use the "prod" profile, cache credentials between run in a temporary location
creds := profilecreds.NewCredentials("prod", func(p *profilecreds.AssumeRoleProfileProvider) {
p.Cache = profilecreds.NewFileCache("")
})
eb := elasticbeanstalk.New(sess, sess.Config.WithCredentials(creds).WithRegion("us-west-2"))
res, err := eb.DescribeApplications(nil)
check(err)
for _, app := range res.Applications {
fmt.Println(*app.ApplicationName)
}
}
func check(err error) {
if err != nil {
log.Fatalln(err)
}
}