DecodePEMAndParseCertificate decodes the PEM encoded certificate and parses it into a x509 cert.
GetIamInstanceProfileARN extracts the ARN from the output of a call to DescribeInstances. The ARN is expected to be non-empty.
GetPublicIPAddress extracts the public IP address from the output of a call to DescribeInstances. The response is expected to be non-empty if the instance has a public IP and empty ("") if the instance is private.
func ValidateInstance(output *ec2.DescribeInstancesOutput, doc IdentityDocument, remoteAddr string) (role string, err error)
ValidateInstance checks if an EC2 instance exists and it has the expected IP. It returns the name of the instance profile (the IAM role).
Note that this validation will not work for NATed VMs.
ParseAndVerifyIdentityDocument parses and checks and identity document in PKCS#7 format. Only some relevant fields are returned.