s3-resource-simple/assets/in
Anthony Sceresini 7ed95b8801 Support AWS IAM Roles.
Only define credential environment variables when values have been passed through. Assigning them to empty values enacts the AWS credential precedence rules and the Role will never be utilised through metadata.
2016-08-18 19:31:03 +10:00

36 lines
1 KiB
Bash
Executable file

#!/bin/sh
# Resource Impl: http://concourse.ci/implementing-resources.html#in:-fetch-a-given-resource
set -e
exec 3>&1 # make stdout available as fd 3 for the result
exec 1>&2 # redirect all output to stderr for logging
dest=$1
if [ -z "$dest" ]; then
echo "usage: $0 <path/to/volume>"
exit 1
fi
#######################################
# parse incoming config data
payload=`cat`
bucket=$(echo "$payload" | jq -r '.source.bucket')
options=$(echo "$payload" | jq -r '.source.options // [] | join(" ")')
# export for `aws` cli
AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id')
AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key')
# Due to precedence rules, must be unset to support AWS IAM Roles.
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ]; then
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
fi
echo "Downloading from S3..."
eval aws s3 sync "s3://$bucket" $dest $options
echo "...done."
source "$(dirname $0)/emit.sh" >&3