in solution/solution-compliance-audit-for-data-plane/source/function/ecs-timezone/index.js [172:206]
async function getEcsClient(eventParams, context) {
const { regionId, accountId } = eventParams.invokingEvent.configurationItem;
//Assume Role到应用账号
const stsClient = new RPCClient({
accessKeyId: context.credentials.accessKeyId,
accessKeySecret: context.credentials.accessKeySecret,
securityToken: context.credentials.securityToken,
endpoint: `https://sts.${regionId}.aliyuncs.com`,
apiVersion: "2015-04-01",
});
const params = {
RegionId: regionId,
RoleArn: `acs:ram::${accountId}:role/${eventParams.ruleParameters.configFcExecutionRoleName}`,
RoleSessionName: "EcsTimezoneInspection",
};
const applicationAccountCredentials = await stsClient.request(
"AssumeRole",
params,
requestOption
);
// 构造 ecs 服务的 client
const ecsClient = new RPCClient({
accessKeyId: applicationAccountCredentials.Credentials.AccessKeyId,
accessKeySecret: applicationAccountCredentials.Credentials.AccessKeySecret,
securityToken: applicationAccountCredentials.Credentials.SecurityToken,
endpoint: `https://ecs.${regionId}.aliyuncs.com`,
apiVersion: "2014-05-26",
});
return ecsClient;
}