in server/pkg/cloud/aws/session/builder.go [38:111]
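// NewSession builds an AWS SDK session from opts.
//
// Credentials are resolved through a provider chain assembled in this order:
// static keys from opts (only when both AccessKeyID and SecretAccessKey are
// set), environment variables, the shared credentials file, and the EC2
// instance role. Each of the last three is skipped when its Ignore*Creds
// flag is set.
//
// When opts.EnvAuthentication is set and no static key pair is given, that
// chain is discarded and shared-config loading is enabled instead, so the
// Ignore*Creds flags are not applied on that path.
//
// An empty opts.Region defaults to "us-east-1"; opts itself is not modified.
// It returns an error when opts is nil or when the SDK cannot create a
// session.
func NewSession(opts *Options) (*session.Session, error) {
	if opts == nil {
		return nil, errors.New("unable to build without options")
	}

	// Resolve the default into a local so the caller's Options value is not
	// rewritten as a side effect of building a session.
	region := opts.Region
	if region == "" {
		region = "us-east-1"
	}

	// Base session, used below only as the handle for the EC2 metadata client.
	awsSession, err := session.NewSession()
	if err != nil {
		return nil, fmt.Errorf("unable to initialize AWS session: %w", err)
	}

	// The chain uses the first provider that yields credentials, so the order
	// of the appends below is the precedence order.
	providers := make([]credentials.Provider, 0, 4)

	// NOTE(review): when only one of AccessKeyID / SecretAccessKey is set, the
	// static provider is skipped without an error and the ambient providers
	// below decide which identity signs the requests. Consider rejecting a
	// half-specified key pair so a typo cannot silently switch principals.
	if opts.AccessKeyID != "" && opts.SecretAccessKey != "" {
		providers = append(providers, &credentials.StaticProvider{
			Value: credentials.Value{
				AccessKeyID:     opts.AccessKeyID,
				SecretAccessKey: opts.SecretAccessKey,
				SessionToken:    opts.SessionToken,
			},
		})
	}
	if !opts.IgnoreEnvCreds {
		providers = append(providers, &credentials.EnvProvider{})
	}
	if !opts.IgnoreConfigCreds {
		providers = append(providers, &credentials.SharedCredentialsProvider{})
	}
	if !opts.IgnoreEC2RoleCreds {
		providers = append(providers, &ec2rolecreds.EC2RoleProvider{
			// Bound each metadata request to one second.
			Client: ec2metadata.New(awsSession, &aws.Config{
				HTTPClient: &http.Client{Timeout: 1 * time.Second},
			}),
			// Treat role credentials as expired two minutes early so they are
			// refreshed before the real expiry.
			ExpiryWindow: 2 * time.Minute,
		})
	}

	config := aws.Config{
		Credentials: credentials.NewChainCredentials(providers),
		// DisableSSL switches the SDK to plain HTTP. Presumably meant for
		// local or test endpoints - confirm it is never set against real AWS
		// endpoints, where request contents would travel unencrypted.
		DisableSSL:                aws.Bool(opts.DisableSSL),
		S3ForcePathStyle:          aws.Bool(opts.S3ForcePathStyle),
		S3UseAccelerate:           aws.Bool(opts.UseAccelerateEndpoint),
		S3UsEast1RegionalEndpoint: endpoints.RegionalS3UsEast1Endpoint,
		// region is never empty here, so it is always set.
		Region: aws.String(region),
	}
	// A custom endpoint receives the signed requests; callers should only pass
	// a value they trust.
	if opts.Endpoint != "" {
		config.Endpoint = aws.String(opts.Endpoint)
	}

	awsSessionOpts := session.Options{
		Config: config,
	}
	if opts.EnvAuthentication && opts.AccessKeyID == "" && opts.SecretAccessKey == "" {
		// Drop the explicit chain and let the SDK resolve credentials with
		// shared config enabled. The Ignore*Creds flags no longer apply on
		// this path because the chain built above is not used.
		awsSessionOpts.SharedConfigState = session.SharedConfigEnable
		awsSessionOpts.Config.Credentials = nil
	}
	if opts.Profile != "" {
		awsSessionOpts.Profile = opts.Profile
	}

	return session.NewSessionWithOptions(awsSessionOpts)
}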