Documentation
Constants
const (
	// EC2MetadataIp is the address used to contact the metadata service, per AWS
	EC2MetadataIp = "169.254.169.254"
	// EC2MetadataCredentialPath is the base path for instance role credentials in the metadata service
	EC2MetadataCredentialPath = "/latest/meta-data/iam/security-credentials/"
	// MfaPath is the endpoint for providing MFA data
	MfaPath = "/mfa"
	// ProfilePath is the endpoint for getting/setting the profile to use
	ProfilePath = "/profile"
	// ListRolesPath is the endpoint for listing all known roles
	ListRolesPath = "/list-roles"
	// RefreshPath is the endpoint for forcing a credential refresh
	RefreshPath = "/refresh"
)
const (
	// EcsCredentialsPath is the URL path used to retrieve the credentials
	EcsCredentialsPath = "/credentials"
)
Variables
var (
	// EC2MetadataAddress is the net.IPAddr of the EC2 metadata service
	EC2MetadataAddress *net.IPAddr
)
Functions
func NewEC2MetadataService
func NewEC2MetadataService(opts *EC2MetadataInput) error
NewEC2MetadataService starts an HTTP server that listens on the EC2 metadata service path and handles requests for instance role credentials. SDKs first request the path in EC2MetadataCredentialPath, which returns the name of the instance role in use. They then append that name to the previous request URL and expect the response body to contain the credential data in JSON format.
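The two-step lookup described above, written out as an added example (it is not code from this package). The names stub, request and lookup are hypothetical, the handler is driven in-process rather than over a socket, and the role name and JSON values are constructed samples.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// credPath mirrors the package's EC2MetadataCredentialPath constant.
const credPath = "/latest/meta-data/iam/security-credentials/"

// stub (hypothetical) maps request paths to bodies, standing in for the service.
type stub map[string]string
func (s stub) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if body, ok := s[r.URL.Path]; ok {
		fmt.Fprint(w, body)
		return
	}
	http.NotFound(w, r)
}

// request drives h in-process (no socket) and returns the status and body.
func request(h http.Handler, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

// lookup performs the two-step sequence: role name first, then its credentials.
func lookup(h http.Handler) (string, map[string]string, error) {
	code, role := request(h, credPath) // step 1: body is the role name
	if code != http.StatusOK || role == "" {
		return "", nil, fmt.Errorf("role lookup failed: HTTP %d", code)
	}
	code, body := request(h, credPath+role) // step 2: body is the JSON document
	if code != http.StatusOK {
		return role, nil, fmt.Errorf("credentials for %q: HTTP %d", role, code)
	}
	var doc map[string]string
	err := json.Unmarshal([]byte(body), &doc)
	return role, doc, err
}

func main() {
	// Constructed sample values, not real credentials.
	fmt.Println(lookup(stub{credPath: "example-role", credPath + "example-role": `{"AccessKeyId":"AKIAEXAMPLE"}`}))
}
```

A service that advertises a role name at the base path but has no document at the appended path makes the second step fail, which lookup reports as an error instead of returning empty credentials.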
Types
type EC2MetadataInput
type EC2MetadataInput struct {
	// Config is the AwsConfig for a profile provided at service startup
	Config *config.AwsConfig
	// InitialProfile is the name of the profile provided at service startup
	InitialProfile string
	// Logger is the logger object to configure for the service
	Logger *simple_logger.Logger
	// Session is the initial AWS session.Session object to use at service startup
	Session *session.Session
	// SessionCacheDir is the path used to cache the session token credentials. Set to an empty string to disable caching.
	SessionCacheDir string
	// User is the AwsIdentity of the caller's AWS credentials.
	User *credlib.AwsIdentity
}
EC2MetadataInput is a struct to provide options for configuring the state of the metadata service at startup
type EcsMetadataInput
type EcsMetadataInput struct {
	// Credentials is the AWS credentials.Credentials object used to fetch the credentials. This allows us to have
	// the service return role credentials, or session credentials (in case the caller's code does its own role management)
	Credentials *credentials.Credentials
	// Logger is the logging object to configure for the service. If not provided, a standard logger is configured.
	Logger *simple_logger.Logger
}
EcsMetadataInput contains the options available for customizing the behavior of the ECS Metadata Service
type EcsMetadataService
type EcsMetadataService struct {
	// Url is the fully-formed URL to use for retrieving credentials from the service
	Url *url.URL
	// contains filtered or unexported fields
}
EcsMetadataService is the object encapsulating the details of the service
func NewEcsMetadataService
func NewEcsMetadataService(opts *EcsMetadataInput) (*EcsMetadataService, error)
NewEcsMetadataService creates a new EcsMetadataService object using the provided EcsMetadataInput options.
func (*EcsMetadataService) Run
func (s *EcsMetadataService) Run()
Run starts the HTTP server used to fetch credentials. The HTTP server will listen on the loopback address on a randomly chosen port.