add aws-imds-credentials (#6)

thisisaaronland · thisisaaronland · web-flow · commit 30448ebdeee4 · 2024-03-28T11:47:17.000-07:00
Co-authored-by: thisisaaronland &lt;thisisaaronland@localhost&gt;
diff --git a/Makefile b/Makefile
@@ -8,3 +8,4 @@ cli:
 	go build -mod $(GOMOD) -ldflags="$(LDFLAGS)" -o bin/aws-set-env cmd/aws-set-env/main.go
 	go build -mod $(GOMOD) -ldflags="$(LDFLAGS)" -o bin/aws-sign-request cmd/aws-sign-request/main.go
 	go build -mod $(GOMOD) -ldflags="$(LDFLAGS)" -o bin/aws-credentials-json-to-ini cmd/aws-credentials-json-to-ini/main.go
+	go build -mod $(GOMOD) -ldflags="$(LDFLAGS)" -o bin/aws-imds-credentials cmd/aws-imds-credentials/main.go
diff --git a/README.md b/README.md
@@ -18,6 +18,7 @@ go build -mod vendor -ldflags="-s -w" -o bin/aws-cognito-credentials cmd/aws-cog
 go build -mod vendor -ldflags="-s -w" -o bin/aws-set-env cmd/aws-set-env/main.go
 go build -mod vendor -ldflags="-s -w" -o bin/aws-sign-request cmd/aws-sign-request/main.go
 go build -mod vendor -ldflags="-s -w" -o bin/aws-credentials-json-to-ini cmd/aws-credentials-json-to-ini/main.go
+go build -mod vendor -ldflags="-s -w" -o bin/aws-imds-credentials cmd/aws-imds-credentials/main.go
 ```
 
 ## aws-cognito-credentials
@@ -108,6 +109,22 @@ Usage of ./bin/aws-get-credentials:
     	A valid AWS credentials profile (default "default")
 ```
 
+### aws-imds-credentials
+
+`aws-imds-credentials` returns the current `aws.Credentials` derived from the EC2 IMDS API. For example:
+
+```
+$> ./bin/aws-imds-credentials | jq
+{
+  "AccessKeyID": "...",
+  "SecretAccessKey": "...",
+  "SessionToken": "...",
+  "Source": "EC2RoleProvider",
+  "CanExpire": true,
+  "Expires": "2024-03-28T19:44:42.59621653Z"
+}
+```
+
 ### aws-mfa-session
 
 `aws-mfa-session` is a command line to create session-based authentication keys and secrets for a given profile and multi-factor authentication (MFA) token and then writing that key and secret back to a "credentials" file in a specific profile section.
diff --git a/cmd/aws-imds-credentials/main.go b/cmd/aws-imds-credentials/main.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"flag"
+	"log"
+	"os"
+
+	"github.com/aaronland/go-aws-auth"
+)
+
+func main() {
+
+	flag.Parse()
+	ctx := context.Background()
+
+	creds, err := auth.EC2RoleCredentials(ctx)
+
+	if err != nil {
+		log.Fatalf("Failed to retrive credentials, %v", err)
+	}
+
+	enc := json.NewEncoder(os.Stdout)
+	err = enc.Encode(creds)
+
+	if err != nil {
+		log.Fatalf("Failed to encode credentials, %v", err)
+	}
+}
diff --git a/ec2.go b/ec2.go
@@ -0,0 +1,20 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
+)
+
+func EC2RoleCredentials(ctx context.Context) (aws.Credentials, error) {
+
+	provider := ec2rolecreds.New(func(o *ec2rolecreds.Options) {
+		o.Client = imds.New(imds.Options{
+			/* custom options */
+		})
+	})
+
+	return provider.Retrieve(ctx)
+}
diff --git a/go.mod b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.26.0
 	github.com/aws/aws-sdk-go-v2/config v1.27.9
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.9
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0
 	github.com/aws/aws-sdk-go-v2/service/cognitoidentity v1.23.4
 	github.com/aws/aws-sdk-go-v2/service/iam v1.31.3
 	github.com/aws/aws-sdk-go-v2/service/ssm v1.49.4
@@ -17,7 +18,6 @@ require (
 )
 
 require (
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
