Ax333l/s3-resource-simple
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Support AWS IAM Roles.

Browse source 
Only define credential environment variables when values have been passed through. Assigning them to empty values enacts the AWS credential precedence rules and the Role will never be utilised through metadata.
This commit is contained in:
Anthony Sceresini 2016-08-18 19:31:03 +10:00
parent 5b10b59baf
commit 7ed95b8801
3 changed files with 24 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
assets/check
View file

@ -9,8 +9,14 @@ payload=`cat`
bucket=$(echo "$payload" | jq -r '.source.bucket')
# export for `aws` cli
export AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id')
export AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key')
AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id')
AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key')
# Due to precedence rules, must be unset to support AWS IAM Roles.
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ]; then
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
fi
# Consider the most recent LastModified timestamp as the most recent version.
timestamps="$(aws s3api list-objects --bucket $bucket --query 'Contents[].{LastModified: LastModified}')"

10
assets/in
View file

@ -20,8 +20,14 @@ bucket=$(echo "$payload" | jq -r '.source.bucket')
options=$(echo "$payload" | jq -r '.source.options // [] | join(" ")')
# export for `aws` cli
export AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id')
export AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key')
AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id')
AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key')
# Due to precedence rules, must be unset to support AWS IAM Roles.
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ]; then
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
fi
echo "Downloading from S3..."
eval aws s3 sync "s3://$bucket" $dest $options

10
assets/out
View file

@ -20,8 +20,14 @@ bucket=$(echo "$payload" | jq -r '.source.bucket')
options=$(echo "$payload" | jq -r '.source.options // [] | join(" ")')
# export for `aws` cli
export AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id')
export AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key')
AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id')
AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key')
# Due to precedence rules, must be unset to support AWS IAM Roles.
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ]; then
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
fi
echo "Uploading to S3..."
eval aws s3 sync $source "s3://$bucket" $options