async function assumeRoleFromInstanceProfile()

in src/lib/awsConnectionParameters.ts [148:177]


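/**
 * Obtains temporary credentials by calling STS AssumeRole for an endpoint
 * that is configured with a role ARN but no access key / secret key pair.
 *
 * The STS client is created with no explicit credentials, so the AssumeRole
 * call is signed with whatever identity the SDK resolves on its own
 * (per the log message below, the instance profile of the host).
 *
 * @param awsparams - Connection parameters passed through to getEndpointAuthInfo.
 * @param endpointName - Name of the configured endpoint; when missing, nothing is attempted.
 * @returns Credentials built from the AssumeRole response, or `undefined` when
 *   no endpoint is given, OIDC is enabled for the endpoint, static keys are
 *   configured, or no role ARN is configured.
 * @throws Error when STS answers without a Credentials element; any rejection
 *   from `sts.assumeRole` propagates to the caller unchanged.
 */
async function assumeRoleFromInstanceProfile(
    awsparams: AWSConnectionParameters,
    endpointName: string | undefined
): Promise<AWS.Credentials | undefined> {
    if (!endpointName) {
        return undefined
    }
    const authInfo = getEndpointAuthInfo(awsparams, endpointName)

    // OIDC takes precedence: when it is enabled this path must not hand out credentials.
    if (authInfo.useOIDC === 'true') {
        console.log('Skipping Instance profile, we have OIDC enabled')
        return undefined
    }

    // The default is written back onto authInfo (as the original code did), so
    // the session name is filled in even when no role ends up being assumed here.
    authInfo.roleSessionName = authInfo.roleSessionName ?? defaultRoleSessionName

    // Only proceed when neither static key is configured and a role ARN is present.
    if (authInfo.accessKey || authInfo.secretKey || !authInfo.assumeRoleArn) {
        return undefined
    }

    console.log('Assuming role without credentials (via instance profile)...')
    const params = {
        RoleArn: authInfo.assumeRoleArn,
        RoleSessionName: authInfo.roleSessionName
    }
    const sts = new STS()
    const data = await sts.assumeRole(params).promise()

    // Fail with a clear message instead of dereferencing a missing Credentials
    // element through a non-null assertion.
    const assumed = data.Credentials
    if (!assumed) {
        throw new Error('STS AssumeRole response did not include credentials')
    }

    // NOTE(review): only the key, secret and token are copied; the expiry
    // returned by STS is not carried over, so the returned object is not
    // refreshed here once the session ends. Confirm callers do not cache it
    // beyond the session duration.
    return new AWS.Credentials({
        accessKeyId: assumed.AccessKeyId,
        secretAccessKey: assumed.SecretAccessKey,
        sessionToken: assumed.SessionToken
    })
}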