README
¶
go-aws-auth
Go package providing methods and tools for determining or assigning AWS credentials.
Credentials
Credentials for URIs are defined as string labels. They are:
| Label | Description |
|---|---|
anon: |
Empty or anonymous credentials. |
env: |
Read credentials from AWS defined environment variables. |
iam: |
Assume AWS IAM credentials are in effect. |
sts:{ARN} |
Assume the role defined by {ARN} using STS credentials. |
{AWS_PROFILE_NAME} |
This this profile from the default AWS credentials location. |
{AWS_CREDENTIALS_PATH}:{AWS_PROFILE_NAME} |
This this profile from a user-defined AWS credentials location. |
For example:
aws:///us-east-1?credentials=iam:
Documentation
¶
Overview ¶
package auth provides methods and tools for determining or assigning AWS credentials.
Index ¶
- Constants
- func CredentialsStringPatterns() []string
- func EC2RoleCredentials(ctx context.Context) (aws.Credentials, error)
- func GetCredentialsWithMFAWithContext(ctx context.Context, cfg aws.Config, device string, token string, ...) (*types.Credentials, error)
- func NewConfig(ctx context.Context, uri string) (aws.Config, error)
- func NewConfigWithCredentialsString(ctx context.Context, str_creds string) (aws.Config, error)
- func NewSSMClient(ctx context.Context, uri string) (*ssm.Client, error)
- func NewSSMClientWithCredentialsString(ctx context.Context, str_creds string) (*ssm.Client, error)
- func STSCredentialsForDeveloperIdentity(ctx context.Context, aws_cfg aws.Config, ...) (*types.Credentials, error)
- func ValidCredentials() []string
- func ValidCredentialsString() string
- type Credentials
- type STSCredentialsForDeveloperIdentityOptions
Constants ¶
const AnonymousCredentialsString string = "anon:"
const EnvironmentCredentialsString string = "env:"
const IAMCredentialsString string = "iam:"
const ProfileCredentialsTemplate string = "{profile}"
const ProfileFromPathCredentialsTemplate string = "{path}:{profile}"
const STSCredentialsPrefix string = "sts:"
const StaticCredentialsPrefix string = "static:"
const StaticCredentialsTemplate string = "static:{id}:{key}:{secret}"
Variables ¶
This section is empty.
Functions ¶
func CredentialsStringPatterns ¶
func CredentialsStringPatterns() []string
CredentialsStringPatterns() returns the list of valid credential strings patterns. DEPRECATED. Please use `ValidCredentials` instead.
func EC2RoleCredentials ¶
func EC2RoleCredentials(ctx context.Context) (aws.Credentials, error)
func GetCredentialsWithMFAWithContext ¶
func GetCredentialsWithMFAWithContext(ctx context.Context, cfg aws.Config, device string, token string, duration int32) (*types.Credentials, error)
GetCredentialsWithMFAWithContext will return a time-limited AWS credentials (defined by 'duration') for the account associated with 'cfg' a valid multi-factor authentication (MFS) token defined by 'token' using a custom `context.Context` instance.
func NewConfig ¶
NewConfig() returns a new `aws.Config` derived from 'uri' which is expected to be configured in the form of:
aws://{AWS_REGION}?credentials={CREDENTIALS_STRING}
Where {AWS_REGION} is a valid AWS region name and {CREDENTIALS_STRING} is a string in the form of:
`anon:` Use anonymous credentials
`env:` Use credentials derived from "AWS_" environment variables
`iam:` Use IAM credentials
`{PROFILE}` Use a specific profile defined by {PROFILE} from the default credentials file
`{PATH}:{PROFILE}` Use a specific profile definied by {PROFILE} from the credentials file defined by {PATH}
`static:{KEY}:{SECRET}:{TOKEN}` Read credentials as positional elements in a string
`` If credentials are passed as an empty string then use default credentials strategy defined by `aws-sdk-go-v2`
func NewConfigWithCredentialsString ¶
NewConfigWithCredentialsString() returns a new `aws.Config` derived from 'str_creds' which is expected to be passed in as one of the following:
`anon:` Use anonymous credentials
`env:` Use credentials derived from "AWS_" environment variables
`iam:` Use IAM credentials
`{PROFILE}` Use a specific profile defined by {PROFILE} from the default credentials file
`{PATH}:{PROFILE}` Use a specific profile definied by {PROFILE} from the credentials file defined by {PATH}
`static:{KEY}:{SECRET}:{TOKEN}` Read credentials as positional elements in a string
`` If credentials are passed as an empty string then use default credentials strategy defined by `aws-sdk-go-v2`
func STSCredentialsForDeveloperIdentity ¶
func STSCredentialsForDeveloperIdentity(ctx context.Context, aws_cfg aws.Config, opts *STSCredentialsForDeveloperIdentityOptions) (*types.Credentials, error)
STSCredentialsForDeveloperIdentity generate temporary STS (AWS) credentials for a developer identity.
func ValidCredentials ¶
func ValidCredentials() []string
ValidCredentials() returns the list of valid credential strings patterns.
func ValidCredentialsString ¶
func ValidCredentialsString() string
Types ¶
type Credentials ¶
type Credentials struct {
// Path is the path to the credentials file on disk
Path string
// contains filtered or unexported fields
}
type Credentials defines a struct for encapsulating information about an .ini style AWS credentials file
func NewCredentials ¶
func NewCredentials() (*Credentials, error)
NewCredentials will iterate through the list of default shared credentials files locations and return a new `Credentials` instance for the first match that can be successfully opened and parsed as a .ini-style config file.
func (*Credentials) AWSConfigWithProfile ¶
AWSConfigWithProfile will return a new `aws.Config` instance for the profile matching 'profile' in 'c'. This method also assumes that AWS region information is stored in a "region" key inside a "default" section block of the underlying AWS credentials file.
func (*Credentials) SetSessionCredentialsWithProfile ¶
func (c *Credentials) SetSessionCredentialsWithProfile(ctx context.Context, profile string, creds *types.Credentials) error
SetSessionCredentialsWithProfile will write AWS credentials information derived from 'creds' to a block labeled after 'profile' to the the underlying AWS credentials file.
type STSCredentialsForDeveloperIdentityOptions ¶
type STSCredentialsForDeveloperIdentityOptions struct {
// An identity pool ID in the format REGION:GUID.
IdentityPoolId string
// A set of name-value pairs that map developer or provider names to a user.
Logins map[string]string
// The Amazon Resource Name (ARN) of the role that the caller is assuming.
RoleArn string
// An identifier for the assumed role session.
RoleSessionName string
// The duration, in seconds, of the role session.
Duration int32
// An optional list of Amazon Resource Names (ARNs) that you want to use as managed session policies.
Policies []string
}
STSCredentialsForDeveloperIdentityOptions defines configuration options for generating temporary STS (AWS) credentials for a developer identity.
Source Files