in pkg/aws/ec2/api/wrapper.go [443:500]
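// getClientUsingAssumedRole builds an EC2 client whose requests are signed with
// credentials obtained by assuming roleARN through STS in instanceRegion.
//
// Two AssumeRole providers are chained: one against the regional STS endpoint
// and, only when its URL differs, a second against the global STS endpoint as a
// fallback. The STS clients and the returned EC2 client all share one HTTP
// client rate limited to qps requests per second with the given burst, so the
// budget caps the wrapper's total AWS API traffic.
//
// roleARN may arrive wrapped in literal double quotes (e.g. from a config
// value); the surrounding quotes are stripped before use.
//
// Returns an error if the rate-limited HTTP client cannot be created or if
// either STS endpoint cannot be resolved for the region.
func (e *ec2Wrapper) getClientUsingAssumedRole(instanceRegion string, roleARN string, qps int, burst int) (*ec2.EC2, error) {
	userStsSession := session.Must(session.NewSession())
	userStsSession.Config.Region = &instanceRegion
	injectUserAgent(&userStsSession.Handlers)

	// A single rate-limited HTTP client is shared by the STS and EC2 clients.
	client, err := utils.NewRateLimitedClient(qps, burst)
	if err != nil {
		return nil, fmt.Errorf("failed to create rate limited client with %d qps and %d burst: %v", qps, burst, err)
	}
	e.log.Info("created rate limited http client", "qps", qps, "burst", burst)

	region := aws.StringValue(userStsSession.Config.Region)

	// Regional STS endpoint: the preferred provider.
	regionalSTSEndpoint, err := endpoints.DefaultResolver().
		EndpointFor("sts", region, endpoints.STSRegionalEndpointOption)
	if err != nil {
		return nil, fmt.Errorf("failed to get the regional sts endpoint for region %s: %v", region, err)
	}

	// Global STS endpoint: used only as a fallback when it is not the same URL.
	globalSTSEndpoint, err := endpoints.DefaultResolver().EndpointFor("sts", region)
	if err != nil {
		return nil, fmt.Errorf("failed to get the global sts endpoint for region %s: %v", region, err)
	}

	// Config-sourced ARNs may carry literal surrounding quotes; strip them so
	// the ARN handed to STS is exactly the role identifier.
	roleARN = strings.Trim(roleARN, "\"")

	// newAssumeRoleProvider returns an AssumeRole provider talking to the given
	// STS endpoint. Every provider carries the same role, session duration and
	// session name, so the assumed-role session is labelled identically
	// regardless of which endpoint served it.
	newAssumeRoleProvider := func(endpointURL string) *stscreds.AssumeRoleProvider {
		return &stscreds.AssumeRoleProvider{
			Client: sts.New(userStsSession, aws.NewConfig().WithHTTPClient(client).
				WithEndpoint(endpointURL).WithMaxRetries(MaxRetries)),
			RoleARN:         roleARN,
			Duration:        time.Minute * 60,
			RoleSessionName: AppName,
		}
	}

	providers := []credentials.Provider{newAssumeRoleProvider(regionalSTSEndpoint.URL)}
	// The fallback must target the global URL; a provider that reused the
	// regional URL would only repeat the first provider and never reach the
	// global endpoint.
	if regionalSTSEndpoint.URL != globalSTSEndpoint.URL {
		providers = append(providers, newAssumeRoleProvider(globalSTSEndpoint.URL))
	}
	e.log.Info("initialized the regional/global providers", "roleARN", roleARN)

	// The chain tries providers in order, so the regional endpoint is used
	// first and the global endpoint only if the regional one fails.
	userStsSession.Config.Credentials = credentials.NewChainCredentials(providers)
	return ec2.New(userStsSession, aws.NewConfig().WithHTTPClient(client)), nil
}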