From 8546fedfa25df2e0b6f6bc2c75a722dae5bb01a4 Mon Sep 17 00:00:00 2001
From: Matt Ellis
Date: Tue, 3 Dec 2019 13:36:53 +1100
Subject: [PATCH] Add `aws_session_token` argument, to enable use of temp AWS credentials (#26)

* - Add `aws_session_token` argument to program, to enable use of temporary AWS credentials
* Fix spacing
* Whitespace should be tab
---
 main.go | 2 ++
 prometheus_to_cloudwatch.go | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/main.go b/main.go
index e10659d..05daf70 100644
--- a/main.go
+++ b/main.go
@@ -18,6 +18,7 @@ import (
 var (
 awsAccessKeyId = flag.String("aws_access_key_id", os.Getenv("AWS_ACCESS_KEY_ID"), "AWS access key Id with permissions to publish CloudWatch metrics")
 awsSecretAccessKey = flag.String("aws_secret_access_key", os.Getenv("AWS_SECRET_ACCESS_KEY"), "AWS secret access key with permissions to publish CloudWatch metrics")
+ awsSessionToken = flag.String("aws_session_token", os.Getenv("AWS_SESSION_TOKEN"), "AWS session token with permissions to publish CloudWatch metrics")
 cloudWatchNamespace = flag.String("cloudwatch_namespace", os.Getenv("CLOUDWATCH_NAMESPACE"), "CloudWatch Namespace")
 cloudWatchRegion = flag.String("cloudwatch_region", os.Getenv("CLOUDWATCH_REGION"), "CloudWatch Region")
 cloudWatchPublishTimeout = flag.String("cloudwatch_publish_timeout", os.Getenv("CLOUDWATCH_PUBLISH_TIMEOUT"), "CloudWatch publish timeout in seconds")
@@ -172,6 +173,7 @@ func main() {
 PrometheusSkipServerCertCheck: skipCertCheck,
 AwsAccessKeyId: *awsAccessKeyId,
 AwsSecretAccessKey: *awsSecretAccessKey,
+ AwsSessionToken: *awsSessionToken,
 AdditionalDimensions: additionalDimensions,
 ReplaceDimensions: replaceDims,
 IncludeMetrics: includeMetricsList,
diff --git a/prometheus_to_cloudwatch.go b/prometheus_to_cloudwatch.go
index dbd7580..5a97c38 100644
--- a/prometheus_to_cloudwatch.go
+++ b/prometheus_to_cloudwatch.go
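Review bot: The help text of the new `aws_session_token` flag in the first main.go hunk is copied from the secret-key flag and is inaccurate: a session token carries no permissions of its own, it only accompanies temporary credentials. The same wording is repeated in the `AwsSessionToken` field comment in prometheus_to_cloudwatch.go. A value passed as a flag also ends up in the process argument list, which on many systems other local users can read, so the text should point operators at the environment variable, e.g. `"AWS session token for temporary credentials (optional); prefer setting AWS_SESSION_TOKEN in the environment"`. The `var (` block continues outside the hunk.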
@@ -64,6 +64,9 @@ type Config struct {
 // AWS secret access key with permissions to publish CloudWatch metrics
 AwsSecretAccessKey string
 
+ // AWS session token with permissions to publish CloudWatch metrics
+ AwsSessionToken string
+
 // Required. The CloudWatch namespace under which metrics should be published
 CloudWatchNamespace string
 
@@ -174,7 +177,8 @@ func NewBridge(c *Config) (*Bridge, error) {
 // If credentials are not provided in the variables, the chain of credential providers will search for credentials
 // in environment variables, the shared credential file, and EC2 Instance Roles
 if c.AwsAccessKeyId != "" && c.AwsSecretAccessKey != "" {
- config.Credentials = credentials.NewStaticCredentials(c.AwsAccessKeyId, c.AwsSecretAccessKey, "")
+ // Utilise AWS session token if one is provided (Required for temporary AWS credentials)
+ config.Credentials = credentials.NewStaticCredentials(c.AwsAccessKeyId, c.AwsSecretAccessKey, c.AwsSessionToken)
 }
 
 sess, err := session.NewSession(config)
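Review bot: Credentials built with `credentials.NewStaticCredentials` in the NewBridge hunk are never refreshed, so once a session token is passed here the bridge keeps signing with it after the temporary credentials expire, and publishing to CloudWatch will presumably fail until the process is restarted with new values. The new code does not state that limit; the added comment could say so, e.g. `// Static credentials are not refreshed: with a session token the process must be restarted before the temporary credentials expire`. Note also that the token is ignored when either key field is empty, since the surrounding `if` is unchanged. NewBridge starts and ends outside the hunk.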