in pkg/aws/ec2/api/wrapper.go [525:577]
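// getClientUsingAssumedRole builds an EC2 client whose requests are signed
// with credentials obtained by assuming roleARN via the regional STS endpoint.
//
// instanceRegion is the region the base AWS config is loaded for; region is
// the region used to resolve the STS endpoint and the source-account/ARN
// context for the assume-role call; clusterName feeds into that same source
// context. qps and burst bound the shared rate-limited HTTP client that is
// used for both the STS and EC2 calls.
//
// It returns a non-nil error when the default config cannot be loaded, the
// rate-limited client cannot be built, the source account/ARN cannot be
// derived, or the regional STS endpoint cannot be resolved.
func (e *ec2Wrapper) getClientUsingAssumedRole(instanceRegion, roleARN, clusterName, region string, qps, burst int) (*ec2.Client, error) {
	// No caller context is plumbed into this method, so config loading is
	// not cancellable from here.
	cfg, err := config.LoadDefaultConfig(context.TODO(),
		config.WithRegion(instanceRegion),
		config.WithRetryer(func() aws.Retryer {
			return retry.NewStandard(func(o *retry.StandardOptions) {
				o.MaxAttempts = MaxRetries
			})
		}),
		config.WithAPIOptions([]func(stack *smithymiddleware.Stack) error{
			awsmiddleware.AddUserAgentKeyValue(AppName, version.GitVersion),
		}),
	)
	if err != nil {
		return nil, fmt.Errorf("failed to load AWS config: %w", err)
	}

	// Create a rate-limited HTTP client; it is shared by the STS client below
	// and the returned EC2 client so both are bounded by the same qps/burst.
	client, err := utils.NewRateLimitedClient(qps, burst)
	if err != nil {
		return nil, fmt.Errorf("failed to create rate limited client with %d qps and %d burst: %w", qps, burst, err)
	}
	e.log.Info("created rate limited http client", "qps", qps, "burst", burst)

	// Derive the partition ID, source account and source ARN for the assume-role
	// call. The ARN is stripped of surrounding double quotes first — presumably
	// because it may arrive quoted from configuration; confirm against callers.
	roleARN = strings.Trim(roleARN, "\"")
	sourceAcct, partitionID, sourceArn, err := utils.GetSourceAcctAndArn(roleARN, region, clusterName)
	if err != nil {
		return nil, err
	}

	// Resolve the regional STS endpoint for the same region the source
	// account/ARN were derived for, and report that region on failure.
	regionalSTSEndpoint, err := e.getRegionalStsEndpoint(partitionID, region)
	if err != nil {
		return nil, fmt.Errorf("failed to get the regional sts endpoint for region %s in partition %s: %w",
			region, partitionID, err)
	}

	// Assume-role sessions last 60 minutes and are named after the application
	// so they are attributable in CloudTrail; the credentials cache below
	// refreshes them through this provider as they approach expiry.
	regionalProvider := stscreds.NewAssumeRoleProvider(
		e.createSTSClient(cfg, client, regionalSTSEndpoint.URL, sourceAcct, sourceArn),
		roleARN,
		func(o *stscreds.AssumeRoleOptions) {
			o.Duration = time.Minute * 60
			o.RoleSessionName = AppName
		},
	)
	e.log.Info("initialized the regional/global providers", "roleARN", roleARN)

	return ec2.NewFromConfig(cfg, func(o *ec2.Options) {
		o.HTTPClient = client
		o.Credentials = aws.NewCredentialsCache(regionalProvider)
	}), nil
}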