in source/services/resource-selector/index.ts [228:286]
async function getResourcesForTagName(taskMetadata: OpsConductorTaskMetadata): Promise<ParsedArn[]> {
const sts = new AWS.STS({ apiVersion: '2011-06-15' });
const resources: ParsedArn[] = [];
const accounts: string[] = [...taskMetadata.accounts];
const regions: string[] = [...taskMetadata.regions];
const taskId = taskMetadata.taskId;
for (let account of accounts) {
for (let region of regions) {
const roleArn = `arn:aws:iam::${account}:role/${account}-${region}-${taskId}`;
const stsParams: AWS.STS.AssumeRoleRequest = {
RoleArn: roleArn,
RoleSessionName: 'ops_conductor_query_by_tag',
DurationSeconds: 900
};
const assumedRole = await sts.assumeRole(stsParams).promise();
const taggingAPIParams: AWS.ResourceGroupsTaggingAPI.GetResourcesInput = {
TagFilters: [
{
Key: taskMetadata.targetTag
}
],
ResourcesPerPage: 100
};
// Filter the resources by the expected type
taggingAPIParams.ResourceTypeFilters = [taskMetadata.targetResourceType];
const resourceTaggingApi = new AWS.ResourceGroupsTaggingAPI(
{
apiVersion: '2017-01-26',
accessKeyId: assumedRole.Credentials.AccessKeyId,
secretAccessKey: assumedRole.Credentials.SecretAccessKey,
sessionToken: assumedRole.Credentials.SessionToken,
region: region
}
);
// Call the Resource API at least once and repeat if a PaginationToken was returned
do {
const data = await resourceTaggingApi.getResources(taggingAPIParams).promise();
resources.push(...data.ResourceTagMappingList.map(rm => {
return parseARN(rm.ResourceARN);
}));
if (data.PaginationToken && data.PaginationToken.trim() !== '') {
taggingAPIParams.PaginationToken = data.PaginationToken;
} else {
// Remove PaginationToken from params so we exit the while loop
delete taggingAPIParams.PaginationToken;
}
} while (Object.prototype.hasOwnProperty.call(taggingAPIParams, 'PaginationToken'));
}
}
return resources;
}