package broker
import (
"errors"
"io/ioutil"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/cloudformation"
"github.com/aws/aws-sdk-go/service/dynamodb"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/iam/iamiface"
"github.com/aws/aws-sdk-go/service/lambda"
"github.com/aws/aws-sdk-go/service/lambda/lambdaiface"
"github.com/aws/aws-sdk-go/service/s3"
"github.com/aws/aws-sdk-go/service/ssm"
"github.com/aws/aws-sdk-go/service/ssm/ssmiface"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/aws/aws-sdk-go/service/sts/stsiface"
"github.com/golang/glog"
)
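// AwsSessionGetter builds the AWS session the broker uses for the target
// account and region.
//
// params["region"], when non-empty, overrides the region argument. Credentials
// are resolved by awsCredentialsGetter (defined elsewhere in this package) from
// the explicit key pair, the named profile, the params map and the instance's
// EC2 metadata / STS clients. If params["target_role_name"] is set, the returned
// session carries STS credentials for that role in accountId; otherwise it is the
// current-account session.
//
// The signature offers no error return, so a failure while assuming the target
// role panics; callers that must survive it need to recover.
func AwsSessionGetter(keyid string, secretkey string, region string, accountId string, profile string, params map[string]string) *session.Session {
	// A caller-supplied region wins over the configured default.
	// NOTE(review): params values are used verbatim — confirm they are validated upstream.
	if override := params["region"]; override != "" {
		region = override
	}

	// One bootstrap session from the default config chain serves both helper
	// clients used during credential resolution; sessions are safe to share
	// between clients, so there is no need to load the config twice.
	bootstrap := session.Must(session.NewSession())
	creds := awsCredentialsGetter(keyid, secretkey, profile, params,
		ec2metadata.New(bootstrap), sts.New(bootstrap))

	cfg := aws.NewConfig().WithCredentials(&creds).WithRegion(region)
	currentAccountSession := session.Must(session.NewSession(cfg))

	sess, err := assumeTargetRole(currentAccountSession, params, region, accountId)
	if err != nil {
		panic(err)
	}
	return sess
}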
// AwsCfnClientGetter wraps a CloudFormation client built on sess in a CfnClient.
func AwsCfnClientGetter(sess *session.Session) CfnClient {
	cfn := cloudformation.New(sess)
	return CfnClient{cfn}
}
// AwsSsmClientGetter returns an SSM client built on sess, exposed through the
// ssmiface.SSMAPI interface so callers can substitute a fake in tests.
func AwsSsmClientGetter(sess *session.Session) ssmiface.SSMAPI {
	var client ssmiface.SSMAPI = ssm.New(sess)
	return client
}
// AwsS3ClientGetter wraps an S3 client built on sess in an S3Client.
func AwsS3ClientGetter(sess *session.Session) S3Client {
	svc := s3.New(sess)
	return S3Client{svc}
}
// AwsDdbClientGetter returns a concrete DynamoDB client built on sess.
func AwsDdbClientGetter(sess *session.Session) *dynamodb.DynamoDB {
	ddb := dynamodb.New(sess)
	return ddb
}
// AwsStsClientGetter returns a concrete STS client built on sess.
func AwsStsClientGetter(sess *session.Session) *sts.STS {
	stsClient := sts.New(sess)
	return stsClient
}
// AwsIamClientGetter returns an IAM client built on sess, exposed through the
// iamiface.IAMAPI interface so callers can substitute a fake in tests.
func AwsIamClientGetter(sess *session.Session) iamiface.IAMAPI {
	var client iamiface.IAMAPI = iam.New(sess)
	return client
}
// AwsLambdaClientGetter returns a Lambda client built on sess, exposed through
// the lambdaiface.LambdaAPI interface so callers can substitute a fake in tests.
func AwsLambdaClientGetter(sess *session.Session) lambdaiface.LambdaAPI {
	var client lambdaiface.LambdaAPI = lambda.New(sess)
	return client
}
// GetCallerId reports the identity behind svc's credentials (account, ARN and
// user ID) via STS GetCallerIdentity. Any STS error is returned unchanged.
func GetCallerId(svc stsiface.STSAPI) (*sts.GetCallerIdentityOutput, error) {
	var input sts.GetCallerIdentityInput
	return svc.GetCallerIdentity(&input)
}
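// assumeTargetRole returns a session whose credentials assume the role named by
// params["target_role_name"] in accountId. When that parameter is empty the
// input session is returned unchanged.
//
// The role ARN is built by generateRoleArn (elsewhere in this package) from the
// params, the account ID and the AWS partition. The partition is read from the
// instance metadata service; if that lookup fails the standard "aws" partition
// is assumed, which may be wrong on hosts in other partitions.
//
// An error is returned when the target-account session cannot be constructed,
// so the caller can surface it rather than crashing the process.
func assumeTargetRole(sess *session.Session, params map[string]string, region string, accountId string) (*session.Session, error) {
	if params["target_role_name"] == "" {
		glog.Infof("Parameter 'target_role_name' not set. Not assuming role.")
		return sess, nil
	}

	// Best-effort partition lookup from the instance metadata service.
	partition, err := ec2metadata.New(sess).GetMetadata("/services/partition")
	if err != nil {
		// No access to the metadata service: fall back to the standard partition,
		// but log it, since a wrong partition surfaces later as a confusing
		// access-denied from STS.
		partition = "aws"
		glog.Infof("Could not read partition from instance metadata (%v); defaulting to '%s'.", err, partition)
	}

	targetAccountRoleArn := generateRoleArn(params, accountId, partition)
	glog.Infof("Assuming role arn '%s'.", targetAccountRoleArn)

	// The STS credential provider calls AssumeRole lazily on first use and
	// refreshes on expiry; whether the call succeeds is decided by the target
	// role's trust policy, not by anything in this package.
	credentialsTargetAccount := stscreds.NewCredentials(sess, targetAccountRoleArn)

	// This function already returns an error, so report session construction
	// failures instead of panicking through session.Must.
	sessionTargetAccount, err := session.NewSession(&aws.Config{
		Region:      &region,
		Credentials: credentialsTargetAccount,
	})
	if err != nil {
		return nil, err
	}
	return sessionTargetAccount, nil
}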
// getObjectBody fetches s3://bucket/key through s3svc and returns the complete
// object contents. It returns an error when the GetObject call fails, when the
// response carries no body, or when reading the body fails.
func getObjectBody(s3svc S3Client, bucket, key string) ([]byte, error) {
	input := s3.GetObjectInput{
		Bucket: aws.String(bucket),
		Key:    aws.String(key),
	}
	obj, err := s3svc.Client.GetObject(&input)
	if err != nil {
		return nil, err
	}
	if obj.Body == nil {
		return nil, errors.New("s3 object body missing")
	}
	defer obj.Body.Close()

	// The whole object is buffered in memory, so this suits small objects only.
	contents, readErr := ioutil.ReadAll(obj.Body)
	if readErr != nil {
		return nil, readErr
	}
	return contents, nil
}