AWS SDK for the Go programming language.

Overview

AWS SDK for Go

aws-sdk-go is the official AWS SDK for the Go programming language.

Check out our release notes for information about the latest bug fixes, updates, and features added to the SDK.

We announced the General Availability for the AWS SDK for Go V2 (v2). The v2 SDK source is available at https://github.com/aws/aws-sdk-go-v2. Review the v2 SDK's Developer Guide to get started with AWS SDK for Go V2 or review the migration guide if you already use version 1.

Getting Started

Installing

Use go get to retrieve the SDK to add it to your GOPATH workspace, or project's Go module dependencies.

go get github.com/aws/aws-sdk-go

To update the SDK use go get -u to retrieve the latest version of the SDK.

go get -u github.com/aws/aws-sdk-go

Dependencies

The SDK includes a vendor folder containing the runtime dependencies of the SDK. The metadata of the SDK's dependencies can be found in the Go module file go.mod or Dep file Gopkg.toml.

Go Modules

If you are using Go modules, your go get will default to the latest tagged release version of the SDK. To get a specific release version of the SDK use @<tag> in your go get command.

go get github.com/aws/aws-sdk-go@<tag>

To get the latest SDK repository change use @latest.

go get github.com/aws/aws-sdk-go@latest

Go 1.5

If you are using Go 1.5 without vendoring enabled (GO15VENDOREXPERIMENT=1), you will need to use ... when retrieving the SDK to get its dependencies.

go get github.com/aws/aws-sdk-go/...

This will still include the vendor folder. The vendor folder can be deleted if not used by your environment.

rm -rf $GOPATH/src/github.com/aws/aws-sdk-go/vendor

Quick Examples

Complete SDK Example

This example shows a complete working Go file which will upload a file to S3 and use the Context pattern to implement timeout logic that will cancel the request if it takes too long. This example highlights how to use sessions, create a service client, make a request, handle the error, and process the response.

  package main

  import (
  	"context"
  	"flag"
  	"fmt"
  	"os"
  	"time"

  	"github.com/aws/aws-sdk-go/aws"
  	"github.com/aws/aws-sdk-go/aws/awserr"
  	"github.com/aws/aws-sdk-go/aws/request"
  	"github.com/aws/aws-sdk-go/aws/session"
  	"github.com/aws/aws-sdk-go/service/s3"
  )

  // Uploads a file to S3 given a bucket and object key. Also takes a duration
  // value to terminate the upload if it doesn't complete within that time.
  //
  // The AWS Region needs to be provided in the AWS shared config or on the
  // environment variable as `AWS_REGION`. Credentials also must be provided.
  // Will default to shared config file, but can load from environment if provided.
  //
  // Usage:
  //   # Upload myfile.txt to myBucket/myKey. Must complete within 10 minutes or will fail
  //   go run withContext.go -b mybucket -k myKey -d 10m < myfile.txt
  func main() {
  	var bucket, key string
  	var timeout time.Duration

  	flag.StringVar(&bucket, "b", "", "Bucket name.")
  	flag.StringVar(&key, "k", "", "Object key name.")
  	flag.DurationVar(&timeout, "d", 0, "Upload timeout.")
  	flag.Parse()

  	// All clients require a Session. The Session provides the client with
  	// shared configuration such as region, endpoint, and credentials. A
  	// Session should be shared where possible to take advantage of
  	// configuration and credential caching. See the session package for
  	// more information.
  	sess := session.Must(session.NewSession())

  	// Create a new instance of the service's client with a Session.
  	// Optional aws.Config values can also be provided as variadic arguments
  	// to the New function. This option allows you to provide service
  	// specific configuration.
  	svc := s3.New(sess)

  	// Create a context with a timeout that will abort the upload if it takes
  	// more than the passed in timeout.
  	ctx := context.Background()
  	var cancelFn func()
  	if timeout > 0 {
  		ctx, cancelFn = context.WithTimeout(ctx, timeout)
  	}
  	// Ensure the context is canceled to prevent leaking.
  	// See context package for more information, https://golang.org/pkg/context/
  	if cancelFn != nil {
  		defer cancelFn()
  	}

  	// Uploads the object to S3. The Context will interrupt the request if the
  	// timeout expires.
  	_, err := svc.PutObjectWithContext(ctx, &s3.PutObjectInput{
  		Bucket: aws.String(bucket),
  		Key:    aws.String(key),
  		Body:   os.Stdin,
  	})
  	if err != nil {
  		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == request.CanceledErrorCode {
  			// If the SDK can determine the request or retry delay was canceled
  			// by a context the CanceledErrorCode error code will be returned.
  			fmt.Fprintf(os.Stderr, "upload canceled due to timeout, %v\n", err)
  		} else {
  			fmt.Fprintf(os.Stderr, "failed to upload object, %v\n", err)
  		}
  		os.Exit(1)
  	}

  	fmt.Printf("successfully uploaded file to %s/%s\n", bucket, key)
  }

Overview of SDK's Packages

The SDK is composed of two main components, SDK core, and service clients. The SDK core packages are all available under the aws package at the root of the SDK. Each client for a supported AWS service is available within its own package under the service folder at the root of the SDK.

  • aws - SDK core, provides common shared types such as Config, Logger, and utilities to make working with API parameters easier.

    • awserr - Provides the error interface that the SDK will use for all errors that occur in the SDK's processing. This includes service API response errors as well. The Error type is made up of a code and message. Cast the SDK's returned error type to awserr.Error and call the Code method to compare returned error to specific error codes. See the package's documentation for additional values that can be extracted such as RequestID.

    • credentials - Provides the types and built in credentials providers the SDK will use to retrieve AWS credentials to make API requests with. Nested under this folder are also additional credentials providers such as stscreds for assuming IAM roles, and ec2rolecreds for EC2 Instance roles.

    • endpoints - Provides the AWS Regions and Endpoints metadata for the SDK. Use this to lookup AWS service endpoint information such as which services are in a region, and what regions a service is in. Constants are also provided for all region identifiers, e.g UsWest2RegionID for "us-west-2".

    • session - Provides initial default configuration, and load configuration from external sources such as environment and shared credentials file.

    • request - Provides the API request sending, and retry logic for the SDK. This package also includes utilities for defining your own request retryer, and configuring how the SDK processes the request.

  • service - Clients for AWS services. All services supported by the SDK are available under this folder.

How to Use the SDK's AWS Service Clients

The SDK includes the Go types and utilities you can use to make requests to AWS service APIs. Within the service folder at the root of the SDK you'll find a package for each AWS service the SDK supports. All service clients follow a common pattern of creation and usage.

When creating a client for an AWS service you'll first need to have a Session value constructed. The Session provides shared configuration that can be shared between your service clients. When service clients are created you can pass in additional configuration via the aws.Config type to override configuration provided by the Session to create service client instances with custom configuration.

Once the service's client is created you can use it to make API requests to the AWS service. These clients are safe to use concurrently.

Configuring the SDK

In the AWS SDK for Go, you can configure settings for service clients, such as the log level and maximum number of retries. Most settings are optional; however, for each service client, you must specify a region and your credentials. The SDK uses these values to send requests to the correct AWS region and sign requests with the correct credentials. You can specify these values as part of a session or as environment variables.

See the SDK's configuration guide for more information.

See the session package documentation for more information on how to use Session with the SDK.

See the Config type in the aws package for more information on configuration options.

Configuring Credentials

When using the SDK you'll generally need your AWS credentials to authenticate with AWS services. The SDK supports multiple methods of supplying these credentials. By default the SDK will source credentials automatically from its default credential chain. See the session package for more information on this chain, and how to configure it. The common items in the credential chain are the following:

  • Environment Credentials - Set of environment variables that are useful when sub processes are created for specific roles.

  • Shared Credentials file (~/.aws/credentials) - This file stores your credentials based on a profile name and is useful for local development.

  • EC2 Instance Role Credentials - Use EC2 Instance Role to assign credentials to an application running on an EC2 instance. This removes the need to manage credential files in production.

Credentials can be configured in code as well by setting the Config's Credentials value to a custom provider or using one of the providers included with the SDK to bypass the default credential chain and use a custom one. This is helpful when you want to instruct the SDK to only use a specific set of credentials or providers.

This example creates a credential provider for assuming an IAM role, "myRoleARN", and configures the S3 service client to use that role for API requests.

  // Initial credentials loaded from SDK's default credential chain. Such as
  // the environment, shared credentials (~/.aws/credentials), or EC2 Instance
  // Role. These credentials will be used to make the STS Assume Role API call.
  sess := session.Must(session.NewSession())

  // Create the credentials from AssumeRoleProvider to assume the role
  // referenced by the "myRoleARN" ARN.
  creds := stscreds.NewCredentials(sess, "myRoleARN")

  // Create service client value configured for credentials
  // from assumed role.
  svc := s3.New(sess, &aws.Config{Credentials: creds})

See the credentials package documentation for more information on credential providers included with the SDK, and how to customize the SDK's usage of credentials.

The SDK has support for the shared configuration file (~/.aws/config). This support can be enabled by setting the environment variable, "AWS_SDK_LOAD_CONFIG=1", or enabling the feature in code when creating a Session via the Option's SharedConfigState parameter.

  sess := session.Must(session.NewSessionWithOptions(session.Options{
      SharedConfigState: session.SharedConfigEnable,
  }))

Configuring AWS Region

In addition to the credentials you'll need to specify the region the SDK will use to make AWS API requests to. In the SDK you can specify the region either with an environment variable, or directly in code when a Session or service client is created. The last value specified in code wins if the region is specified multiple ways.

To set the region via the environment variable, set "AWS_REGION" to the region you want the SDK to use. Using this method to set the region will allow you to run your application in multiple regions without needing additional code in the application to select the region.

AWS_REGION=us-west-2

The endpoints package includes constants for all regions the SDK knows. The values are all suffixed with RegionID. These values are helpful, because they reduce the need to type the region string manually.

To set the region on a Session use the aws package's Config struct parameter Region to the AWS region you want the service clients created from the session to use. This is helpful when you want to create multiple service clients, and all of the clients make API requests to the same region.

  sess := session.Must(session.NewSession(&aws.Config{
      Region: aws.String(endpoints.UsWest2RegionID),
  }))

See the endpoints package for the AWS Regions and Endpoints metadata.

In addition to setting the region when creating a Session you can also set the region on a per service client basis. This overrides the region of a Session. This is helpful when you want to create service clients in specific regions different from the Session's region.

  svc := s3.New(sess, &aws.Config{
      Region: aws.String(endpoints.UsWest2RegionID),
  })

See the Config type in the aws package for more information and additional options such as setting the Endpoint, and other service client configuration options.

Making API Requests

Once the client is created you can make an API request to the service. Each API method takes an input parameter, and returns the service response and an error. The SDK provides methods for making the API call in multiple ways.

In this list we'll use the S3 ListObjects API as an example for the different ways of making API requests.

  • ListObjects - Base API operation that will make the API request to the service.

  • ListObjectsRequest - API methods suffixed with Request will construct the API request, but not send it. This is also helpful when you want to get a presigned URL for a request, and share the presigned URL instead of your application making the request directly.

  • ListObjectsPages - Same as the base API operation, but uses a callback to automatically handle pagination of the API's response.

  • ListObjectsWithContext - Same as base API operation, but adds support for the Context pattern. This is helpful for controlling the canceling of in flight requests. See the Go standard library context package for more information. This method also takes request package's Option functional options as the variadic argument for modifying how the request will be made, or extracting information from the raw HTTP response.

  • ListObjectsPagesWithContext - same as ListObjectsPages, but adds support for the Context pattern. Similar to ListObjectsWithContext this method also takes the request package's Option function option types as the variadic argument.

In addition to the API operations the SDK also includes several higher level methods that abstract checking for and waiting for an AWS resource to be in a desired state. In this list we'll use WaitUntilBucketExists to demonstrate the different forms of waiters.

  • WaitUntilBucketExists - Method to make API request to query an AWS service for a resource's state. Will return successfully when that state is accomplished.

  • WaitUntilBucketExistsWithContext - Same as WaitUntilBucketExists, but adds support for the Context pattern. In addition these methods take request package's WaiterOptions to configure the waiter, and how the underlying request will be made by the SDK.

The API method will document which error codes the service might return for the operation. These errors will also be available as const strings prefixed with "ErrCode" in the service client's package. If there are no errors listed in the API's SDK documentation you'll need to consult the AWS service's API documentation for the errors that could be returned.

  ctx := context.Background()

  result, err := svc.GetObjectWithContext(ctx, &s3.GetObjectInput{
      Bucket: aws.String("my-bucket"),
      Key: aws.String("my-key"),
  })
  if err != nil {
      // Cast err to awserr.Error to handle specific error codes.
      aerr, ok := err.(awserr.Error)
      if ok && aerr.Code() == s3.ErrCodeNoSuchKey {
          // Specific error code handling
      }
      return err
  }

  // Make sure to close the body when done with it for S3 GetObject APIs or
  // will leak connections.
  defer result.Body.Close()

  fmt.Println("Object Size:", aws.Int64Value(result.ContentLength))

API Request Pagination and Resource Waiters

Pagination helper methods are suffixed with "Pages", and provide the functionality needed to round trip API page requests. Pagination methods take a callback function that will be called for each page of the API's response.

   objects := []string{}
   err := svc.ListObjectsPagesWithContext(ctx, &s3.ListObjectsInput{
       Bucket: aws.String(myBucket),
   }, func(p *s3.ListObjectsOutput, lastPage bool) bool {
       for _, o := range p.Contents {
           objects = append(objects, aws.StringValue(o.Key))
       }
       return true // continue paging
   })
   if err != nil {
       panic(fmt.Sprintf("failed to list objects for bucket, %s, %v", myBucket, err))
   }

   fmt.Println("Objects in bucket:", objects)

Waiter helper methods provide the functionality to wait for an AWS resource state. These methods abstract the logic needed to check the state of an AWS resource, and wait until that resource is in a desired state. The waiter will block until the resource is in the state that is desired, an error occurs, or the waiter times out. If a resource times out the error code returned will be request.WaiterResourceNotReadyErrorCode.

  err := svc.WaitUntilBucketExistsWithContext(ctx, &s3.HeadBucketInput{
      Bucket: aws.String(myBucket),
  })
  if err != nil {
      aerr, ok := err.(awserr.Error)
      if ok && aerr.Code() == request.WaiterResourceNotReadyErrorCode {
          fmt.Fprintf(os.Stderr, "timed out while waiting for bucket to exist\n")
      }
      panic(fmt.Errorf("failed to wait for bucket to exist, %v", err))
  }
  fmt.Println("Bucket", myBucket, "exists")

Getting Help

Please use these community resources for getting help. We use the GitHub issues for tracking bugs and feature requests.

  • Ask a question on StackOverflow and tag it with the aws-sdk-go tag.
  • Come join the AWS SDK for Go community chat on gitter.
  • Open a support ticket with AWS Support.
  • If you think you may have found a bug, please open an issue.

This SDK implements AWS service APIs. For general issues regarding the AWS services and their limitations, you may also take a look at the Amazon Web Services Discussion Forums.

Opening Issues

If you encounter a bug with the AWS SDK for Go we would like to hear about it. Search the existing issues and see if others are also experiencing the issue before opening a new issue. Please include the version of AWS SDK for Go, Go language, and OS you’re using. Please also include a reproduction case when appropriate.

The GitHub issues are intended for bug reports and feature requests. For help and questions with using AWS SDK for Go please make use of the resources listed in the Getting Help section. Keeping the list of open issues lean will help us respond in a timely manner.

Contributing

We work hard to provide a high-quality and useful SDK for our AWS services, and we greatly value feedback and contributions from our community. Please review our contributing guidelines before submitting any issues or pull requests to ensure we have all the necessary information to effectively respond to your bug report or contribution.

Maintenance and support for SDK major versions

For information about maintenance and support for SDK major versions and our underlying dependencies, see the following in the AWS SDKs and Tools Shared Configuration and Credentials Reference Guide:

Resources

Developer guide - This document is a general introduction on how to configure and make requests with the SDK. If this is your first time using the SDK, this documentation and the API documentation will help you get started. This document focuses on the syntax and behavior of the SDK. The Service Developer Guide will help you get started using specific AWS services.

SDK API Reference Documentation - Use this document to look up all API operation input and output parameters for AWS services supported by the SDK. The API reference also includes documentation of the SDK, and examples of how to use the SDK, service client API operations, and API operation required parameters.

Service Documentation - Use this documentation to learn how to interface with AWS services. These guides are great for getting started with a service, or when looking for more information about a service. While this document is not required for coding, services may supply helpful samples to look out for.

SDK Examples - Included in the SDK's repo are several hand crafted examples using the SDK features and AWS services.

Forum - Ask questions, get help, and give feedback

Issues - Report issues, submit pull requests, and get involved (see Apache 2.0 License)

Issues
  • [S3] RequestError with UploadPart call

    Please fill out the sections below to help us address your issue.

    Version of AWS SDK for Go?

    v1.18.2

    Version of Go (go version)?

    go version go1.10.4

    What issue did you see?

    We are using MultipartUpload for uploading some mp3 files to S3. At times, the S3.UploadPart function throws the following error:

    RequestError: send request failed
    caused by: Put https://<bucket_name>.s3.ap-southeast-1.amazonaws.com/filename.mp3?partNumber=1&uploadId=FQEnFylcgwfiSyqAFJSAaBPujuG_ooLOCrPnHv5vO_Un0W5_Ml8DYeqB4xx7US_IFbcdkjrWZqizTemAKyx3MNYwku6BPRqvLz3eGxAqndFUUw--: http: Request.ContentLength=4674720 with nil Body
    

    Here is the code that handles the uploading part:

    func uploadPart(svc *s3.S3, resp *s3.CreateMultipartUploadOutput, fileBytes []byte, partNumber int) (*s3.CompletedPart, error) {
    	tryNum := 1
    
    	body := bytes.NewReader(fileBytes)
    	partInput := &s3.UploadPartInput{
    		Body:          body,
    		Bucket:        resp.Bucket,
    		Key:           resp.Key,
    		PartNumber:    aws.Int64(int64(partNumber)),
    		UploadId:      resp.UploadId,
    		ContentLength: aws.Int64(int64(len(fileBytes))),
    	}
    
    	for tryNum <= maxRetries {
    		uploadResult, err := svc.UploadPart(partInput)
    		if err != nil {
    			if tryNum == maxRetries {
    				if aerr, ok := err.(awserr.Error); ok {
    					return nil, aerr
    				}
    				return nil, err
    			}
    			log.Printf("Retrying to upload part #%v\n", partNumber)
    			tryNum++
    		} else {
    			return &s3.CompletedPart{
    				ETag:       uploadResult.ETag,
    				PartNumber: aws.Int64(int64(partNumber)),
    			}, nil
    		}
    	}
    	return nil, nil
    }
    
    

    Steps to reproduce

    Not reproducible. Happens only sometimes. The body is not actually nil. Made sure of it by checking it in the logs.

    bug 
    opened by arjunmahishi 55
  • Discussion: How should you unit test code which uses the aws-sdk-go

    Consider the following case:

    I have a package within my project which is my DAO package. It has methods like GetFooById("some-id"), which returns me the Foo object from dynamoDB which has the ID "some-id".

    This package constructs a dynamo condition, and calls DynamoClient.Query().

    How should one unit test my package without hitting a real DynamoDB, or without running a stub server which responds with AWS-like responses?

    Here's what I've considered/experimented with:

    1. Interface the parts of the AWS SDK which my code touches, and then use go-mock or alike. Cons: I have to then maintain a lot of extra interfaces, just for testing purposes
    2. Use withmock to replace the entire AWS package Cons: Withmock isn't well maintained, is slow, and doesn't play well with tools like godep or gocheck
    3. Wrap the calls to the sdk with a private variable defined function, which I can re-define in my tests, and manipulate to return fake objects. Cons: Is much like suggestion 1, and implies you have lines of code which aren't technically tested.

    Other options:

    • Have the AWS SDK present interfaces, so that using existing mocking tools doesn't require implementation of an interface.
    • Stub out AWS using a HTTP stub server.
    • Write some new mocking tool which achieves what we want...

    What are people's thoughts on this? What is the intention for onward testing of this sdk? (I see a small amount of unit tests at the client level, and some integration tests on the modules...)

    opened by philcluff 41
  • aws/credential: Add credential_process provider

    Fixes #1834 Continuation of #1874

    How It Works

    If you have a method of sourcing credentials that isn't built in to the [SDK], you can integrate it by using credential_process in the config file. The [SDK] will call that command exactly as given and then read json data from stdout.

    For example, you may have this configuration (this example uses awsprocesscreds for SAML integration):

    [dev]
    credential_process = awsprocesscreds-saml -e https://example.okta.com/home/amazon_aws/blob/123 -u '[email protected]' -p okta -a arn:aws:iam::123456789012:role/okta-dev
    

    Assuming the process returns a valid json like this example (but with valid credentials):

    {
      "Version": 1,
      "AccessKeyId": "<access key id>",
      "SecretAccessKey": "<secret access key>",
      "SessionToken": "<optional session token>",
      "Expiration": "<optional expiration date in ISO8601>"
    }
    

    You could use it in your code like this:

    sess := session.Must(session.NewSessionWithOptions(session.Options{
        Profile: "dev",
    }))
    
    svc := s3.New(sess)
    
    result, err := svc.ListBuckets(nil)
    ...
    

    You can also provide the process command programmatically without using a config file.

    creds := credentials.NewCredentials(&processcreds.ProcessProvider{
        Process: "/path/to/a/cred/process",
    })
    
    sess := session.Must(session.NewSessionWithOptions(session.Options{
        Credentials: creds,
    }))
    
    svc := s3.New(sess)
    

    This Pull Request

    This PR adds support for calling a credential_process and builds on the work of @micahhausler, taking into account review notes by @jasdel.

    Notable changes over #1874:

    • Rebased, fixing conflict
    • Removes the processcreds provider from the default credential chain
    • Adds further protection of credential_process including a timeout and small buffer limit (in case of a hung process or a process producing much data) - limits are configurable
    • Uses goroutines for executing process, reading data from the process
    • Moves the new provider and test into a processcreds package
    • Creates const error messages and default values
    • Completely avoids reading shared config file, leaving this to the existing providers
    • Process is passed via input parameter to the provider allowing for programmatic defining without need for shared config file
    • Makes Expiration of type Time
    • Carefully handles the environment (which is tricky when tests clear the env)
    • Avoids issues with string splitting the command by using subshells on Windows and Linux
    • Lets exec.Command fail rather than doing pre-checks
    • Captures both stdout and stderr in output
    • Does not mess with profiles, leaving that to existing resources
    • Does not use testify
    • Includes tests providing near 100% code coverage

    Please let me know if you have additional review.

    See related:

    • aws/aws-sdk-js#1923
    • boto/botocore#1316
    • serverless/serverless#4838
    • oktadeveloper/okta-aws-cli-assume-role#203
    • aws/aws-sdk-ruby#1820
    • aws/aws-sdk-java-v2#455
    opened by YakDriver 40
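
The protections this PR description lists (a timeout, a small output limit, and a versioned JSON document with required keys) can be exercised with the Go standard library alone. This is an added example, not code from the PR or the SDK: the names `processCreds`, `limitedBuffer`, `parseProcessOutput` and `runCredentialProcess` are hypothetical, the helper is passed as an argv slice rather than through a subshell, and rejecting already-expired credentials is this example's own policy.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"os/exec"
	"time"
)

var (
	errTooLarge = errors.New("credential process output exceeded the size limit")
	errTimeout  = errors.New("credential process timed out")
	errExpired  = errors.New("credential process returned expired credentials")
)

// processCreds mirrors the JSON document shown in the PR description.
type processCreds struct {
	Version         int
	AccessKeyId     string
	SecretAccessKey string
	SessionToken    string
	Expiration      *time.Time // optional; must be RFC 3339 when present
}

// limitedBuffer collects stdout but refuses to grow past max bytes, so a
// helper that floods its output cannot exhaust memory.
type limitedBuffer struct {
	buf      bytes.Buffer
	max      int
	overflow bool
}

func (l *limitedBuffer) Write(p []byte) (int, error) {
	if l.buf.Len()+len(p) > l.max {
		l.overflow = true
		return 0, errTooLarge
	}
	return l.buf.Write(p)
}

// parseProcessOutput validates the helper's JSON. Its errors never echo the
// raw output, because that output may contain a secret key.
func parseProcessOutput(out []byte, now time.Time) (*processCreds, error) {
	var c processCreds
	if err := json.Unmarshal(out, &c); err != nil {
		return nil, errors.New("credential process output is not valid credential JSON")
	}
	switch {
	case c.Version != 1:
		return nil, fmt.Errorf("unsupported Version %d", c.Version)
	case c.AccessKeyId == "" || c.SecretAccessKey == "":
		return nil, errors.New("AccessKeyId and SecretAccessKey are required")
	case c.Expiration != nil && !c.Expiration.After(now):
		return nil, errExpired
	}
	return &c, nil
}

// runCredentialProcess executes argv with a deadline and a bounded stdout.
// Stderr is left nil, which os/exec connects to the null device.
func runCredentialProcess(parent context.Context, argv []string, timeout time.Duration, maxOut int) (*processCreds, error) {
	if len(argv) == 0 {
		return nil, errors.New("empty credential process command")
	}
	ctx, cancel := context.WithTimeout(parent, timeout)
	defer cancel()

	out := &limitedBuffer{max: maxOut}
	cmd := exec.CommandContext(ctx, argv[0], argv[1:]...) // killed when ctx expires
	cmd.Stdout = out
	err := cmd.Run()
	switch {
	case out.overflow:
		return nil, errTooLarge
	case errors.Is(ctx.Err(), context.DeadlineExceeded):
		return nil, errTimeout
	case err != nil:
		return nil, fmt.Errorf("credential process failed: %w", err)
	}
	return parseProcessOutput(out.buf.Bytes(), time.Now())
}

func main() {
	// Constructed sample output, not real credentials.
	sample := []byte(`{"Version":1,"AccessKeyId":"AKIDEXAMPLE","SecretAccessKey":"constructed-secret"}`)
	c, err := parseProcessOutput(sample, time.Now())
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	// Print only the non-secret identifier.
	fmt.Println("accepted credentials for", c.AccessKeyId)
}
```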
  • GetRecords blocked for more than 10 minutes

    Hi, I encountered an issue where it took more than 10 minutes to call GetRecords. So there was an "Iterator expired" error when getting records the next time. It was correct when I started my application, and the issue happened after several minutes. GetRecords should not be blocked, according to the AWS doc.

    I enabled kinesis api debug info: log attached. Did you encounter this issue? And how to solve it?

    Thank you in advance!

    debug_info.log.gz get_record_code

    guidance 
    opened by nonexu 37
  • Unable to make ec2metadata request (returning 301)

    I am receiving the following error when attempting to make a basic role request.

    EC2RoleRequestError: no EC2 instance role found\ncaused by: EC2MetadataError: failed to make EC2Metadata request

    sess := session.New()
    creds := ec2rolecreds.NewCredentials(sess)
    config = &aws.Config{
        Credentials: creds,
        Region:      aws.String("us-west-2"),
        LogLevel:    aws.LogLevel(aws.LogDebugWithHTTPBody),
    }
    svc = dynamodb.New(sess, config)
    

    When I look at the request log, I see that it's making a 301 because iamSecurityCredsPath is missing a trailing slash.

    We are running this inside a docker container, when we enter a bash prompt inside the container, we can make aws cli requests without issue.

    3rd-party 
    opened by cam-stitt 31
  • Make v4 Signer public

    Following @jasdel's request, this is another try to make the aws v4 signer public, following in #662's footsteps.

    My current approach is to be minimally invasive: keep the private aws/signer/v4 package, which merely translates aws requests to the public aws/signer/v4 interface, which uses http.Request instead.

    A cleaner approach would be to remove the private signer entirely and adjust where necessary; also, we could split private/ public usage using struct embedding or similar, if necessary.

    The corehandler is still missing, since I'm not sure where this would be used internally.

    Feedback very welcome.

    opened by nicolai86 31
  • GetRecords hangs

    Hi,

    I'm having some problems with my application that is reading records from Kinesis. It seems to be randomly hanging on the GetRecords request until either Kinesis kills the connection or the subsequent GetRecords will fail due to an expired iterator.

    I have a stream with four shards. Total incoming data is around 500 kb/s. I have an application that starts a worker per shard- each worker is split into 5 parts, each communicating with the next over its own channel.

    The KinesisReader is very straightforward:

    ...
    for {
        // get records
        ts_start = time.Now()
        records, err := GetKinesisRecordsAndUpdateIterator(kinesisClient, iterator)
        if err != nil {
            log.Error("[WORKER #%v | KINESIS READER] Failed to get records (took=%v): %v", r.workerId, time.Since(ts_start), err)
            return
        }
        log.Info("[WORKER #%v | KINESIS READER] Read %v records from Kinesis (took=%v)", r.workerId, len(records), time.Since(ts_start))
        ...
    }
    ...
    
    func GetKinesisRecordsAndUpdateIterator(client *kinesis.Kinesis, iterator *string) ([]*kinesis.Record, error) {
        getRecordsInput := &kinesis.GetRecordsInput{
            ShardIterator: iterator,
        }
        resp, err := client.GetRecords(getRecordsInput)
        if err != nil {
            return nil, err
        }
        *iterator = *resp.NextShardIterator
    
        return resp.Records, nil
    }
    

    If it does not read any records it will go to sleep for 10 seconds. It will kill the worker on any errors and start a new one (hence it has failed 165 times in the last 12 hours).

    The three other workers happily continue reading records while this is happening.

    This results in the following log examples:

    2015/06/30 06:25:07.073380 INFO [WORKER #157 | KINESIS READER] Read 1 records from Kinesis (took=30.845742ms)
    2015/06/30 06:25:07.089282 INFO [WORKER #157 | KINESIS READER] Read 0 records from Kinesis (took=15.8282ms)
    2015/06/30 06:31:50.780351 INFO [WORKER #157 | KINESIS READER] Read 21 records from Kinesis (took=6m33.690849627s)
    2015/06/30 06:31:51.185088 ERROR [WORKER #157 | KINESIS READER] Failed to get records (took=73.276055ms): ExpiredIteratorException: Iterator expired. The iterator was created at time Tue Jun 30 06:25:17 UTC 2015 while right now it is Tue Jun 30 06:31:51 UTC 2015 which is further in the future than the tolerated delay of 300000 milliseconds.
    status code: 400, request id: []
    
    2015/06/30 06:37:24.780944 INFO [WORKER #165 | KINESIS READER] Read 0 records from Kinesis (took=20.868442ms)
    06:37:34.977293 INFO [WORKER #165 | KINESIS READER] Read 25 records from Kinesis (took=196.090744ms)
    2015/06/30 06:37:35.228885 INFO [WORKER #165 | KINESIS READER] Read 2 records from Kinesis (took=33.813113ms)
    2015/06/30 06:37:35.258778 INFO [WORKER #165 | KINESIS READER] Read 0 records from Kinesis (took=24.589261ms)
    2015/06/30 06:37:45.439487 INFO [WORKER #165 | KINESIS READER] Read 33 records from Kinesis (took=180.496173ms)
    2015/06/30 06:37:45.650751 INFO [WORKER #165 | KINESIS READER] Read 1 records from Kinesis (took=35.829663ms)
    2015/06/30 06:37:45.674542 INFO [WORKER #165 | KINESIS READER] Read 0 records from Kinesis (took=23.662061ms)
    2015/06/30 06:42:58.103110 ERROR [WORKER #165 | KINESIS READER] Failed to get records (took=5m2.42835127s): SerializationError: failed decoding JSON RPC response
    caused by: read tcp 54.239.19.115:443: connection reset by peer
    

    The second one is by far the most frequent example.

    Am I doing something wrong here? Any suggestions as to what might be wrong?

    service-api 
    opened by fantyz 29
  • Support context pattern

    See this blog article:

    https://blog.golang.org/context

    We use this heavily in all aspects of our SOA, and it allows us to inject request scoped parameters to systems that need them to provide useful information -- such as logging or in-memory caches. Here is a drastically simplified example:

    type key int
    const LoggerKey key = 0
    const RequestIdKey key = 1
    const MethodNameKey key = 2
    
    type Logger interface {
        Debug(ctx context.Context, message string, args ...interface{})
    }    
    
    // alternatively the context interface could have the log methods on them to avoid this step
    func LoggerFrom(ctx context.Context) Logger {
        if logger, ok := ctx.Value(LoggerKey).(Logger); ok {
            return logger
        } else {
            return nullLogger
        }
    }
    
    // WithCancel returns the context and its cancel function
    ctx, cancel := context.WithCancel(context.Background())
    defer cancel()
    ctx = context.WithValue(ctx, RequestIdKey, uuid.NewV4())
    ctx = context.WithValue(ctx, LoggerKey, myLogger)
    
    someFrontendMethod(ctx, other, arguments)
    
    ...
    
    func someFrontendMethod(ctx context.Context, other int, arguments string) {
        ctx = context.WithValue(ctx, MethodNameKey, "someFrontendMethod")
        result, err := aws.DynamoDb().Get(ctx, ...) 
        ...
    }
    
    // totally made up interface, not implying this should be the real AWS one
    func (d *DynamoDb) Get(ctx context.Context, some int, args string) (*Result, error) {
        LoggerFrom(ctx).Debug(ctx, "dynamodb.get - starting request")
        ...
    }
    

    This would then output something like:

    [DEBUG] [requestId=5f0712749191adda1079e71c2403ec24d65ebf32] someFrontendMethod: dynamodb.get - starting request
    

    Additionally, in the first method, you would be able to timeout the call to someFrontendMethod by closing the Done channel on the context. Depending upon how much of the callstack is using the context, every goroutine underneath it would be notified of the cancelled context and abort as soon as possible. In the case of the AWS lib, this could be used to abort an exponential backoff algorithm that is currently sleeping without the caller of the lib having to cancel manually somehow.

    feature-request 
    opened by justonia 28
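The last paragraph of the request above, aborting a sleeping exponential backoff through the context, as an added example (standard library only; not code from the issue or from the SDK). `retryWithBackoff`, `alwaysThrottled` and `errThrottled` are hypothetical names.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// retryWithBackoff calls op until it succeeds, the attempts are used up, or
// ctx is done. It returns how many times op was called.
func retryWithBackoff(ctx context.Context, attempts int, base time.Duration,
	op func(context.Context) error) (int, error) {
	if attempts < 1 {
		return 0, errors.New("attempts must be at least 1")
	}
	delay := base
	var lastErr error
	for call := 1; call <= attempts; call++ {
		// Do not start another attempt on a context that is already done.
		if err := ctx.Err(); err != nil {
			return call - 1, err
		}
		if lastErr = op(ctx); lastErr == nil {
			return call, nil
		}
		if call == attempts {
			break
		}
		// Sleep between attempts, but wake up as soon as ctx is done.
		timer := time.NewTimer(delay)
		select {
		case <-ctx.Done():
			timer.Stop()
			return call, ctx.Err()
		case <-timer.C:
		}
		delay *= 2
	}
	return attempts, fmt.Errorf("gave up after %d attempts: %w", attempts, lastErr)
}

// errThrottled is a constructed stand-in for a retryable service error.
var errThrottled = errors.New("throttled (constructed error)")

// alwaysThrottled is a sample operation that never succeeds.
func alwaysThrottled(context.Context) error { return errThrottled }

func main() {
	// The backoff would sleep for an hour; the 50ms deadline interrupts it.
	ctx, cancel := context.WithTimeout(context.Background(), 50*time.Millisecond)
	defer cancel()
	start := time.Now()
	calls, err := retryWithBackoff(ctx, 5, time.Hour, alwaysThrottled)
	fmt.Printf("calls=%d err=%v after %v\n", calls, err,
		time.Since(start).Round(time.Millisecond))
}
```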
  • s3 error xml

    When we get an S3 error it's automatically unmarshalled: https://github.com/aws/aws-sdk-go/blob/master/service/s3/unmarshal_error.go which hides the original XML error message. In some cases we want the original error, for example on a 301 we want to see what the correct bucket location should be. awserr.Error has an OrigErr() function but that field is always initialized to nil.

    guidance 
    opened by kahing 26
  • Connect to RDS using rdsutils.BuildAuthToken not working

    Please fill out the sections below to help us address your issue.

    Version of AWS SDK for Go?

    v1.8.19-6-g7b500fb

    Version of Go (go version)?

    go 1.8

    What issue did you see?

    Following the doc but unable to make a successful DB connection using an IAM role from EC2. Also, this is particularly hard to debug because I am not actually able to run code as EC2 on dev to test.

    Steps to reproduce

    I followed the step below in https://docs.aws.amazon.com/sdk-for-go/api/service/rds/rdsutils/#BuildAuthToken and used the exact same code snippet, but I believe there's some issue with the instructions:

    authToken, err := BuildAuthToken(dbEndpoint, awsRegion, dbUser, awsCreds)
    
    // Create the MySQL DNS string for the DB connection
    // user:password@tcp(endpoint)/dbname?<params>
    dnsStr = fmt.Sprintf("%s:%s@tcp(%s)/%s?tls=true",
       dbUser, authToken, dbEndpoint, dbName,
    )
    
    // Use db to perform SQL operations on database
    db, err := sql.Open("mysql", dnsStr)
    

    I have tried the above instructions but it was throwing signing errors.

    Below is my latest code snippet. I have tried various different formats and this is the one I last ended up with:

    // c.Hostname = host.xxxx.us-east-1.rds.amazonaws.com
    // c.Port = 3306
    
    hostlocation := fmt.Sprintf("https://%v:%v", c.Hostname, c.Port)
    token, stdErr := rdsutils.BuildAuthToken(hostlocation, "us-east-1", "appuser", stscreds.NewCredentials(sess, "arn:aws:iam::[AWS ID]:role/SomeRole"))
    
    dnsStr := fmt.Sprintf("[appuser:%s@tcp(%s)]:%v/%s?tls=true", token, c.Hostname, c.Port, "dbname")
    
    // Connect to database
    db, stdErr := sql.Open("mysql", dnsStr)
    

    For this one I got: StdError: invalid DSN: did you forget to escape a param value?

    The token returned is actually in the following format:

    host.xxxx.us-east-1.rds.amazonaws.com:3306?Action=connect&DBUser=appuser&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAJHJ4MX7HB6STZ5QQ%2F20170504%2Fus-east-1%2Frds-db%2Faws4_request&X-Amz-Date=20170504T164655Z&X-Amz-Expires=900&X-Amz-Security-Token=FQoDYXdzENr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDB3PYlunbHE2bh4ylCLWAevRs7cztGGATW3iJm0tpL1J2G%2FsqJjilAlhI2uj6VW%2BWH0txpt2bZ7DgQeZ0lutoJj3rffcznu7o0VIG%2F7L8MXC11BjXOIOEXFwx%2BhEIAqM%2F3v9vpa9Jp1L2xqPBs%2FLuOYmHFxufykYE3D9%2BdoPRp3srEj3AqGbv9Nanw6zRXbsRkAj96VzsAnFTzyTAyOknBUDkWpBzjR%2Fo1Gqdd9gwu6HdJRcp6H%2B9oI0FLrDuQqUfSZez5BUspe4EYDWctSEuNoNREQzzUkkoU2yXB69m4KxA4TyIy4ogLatyAU%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=2b249517f6dc4ad145232cdab3ea59e9b8b20dedad6666b07bbe686e33b6859e
    

    I am not sure if this is the right string that should replace the DSN/DNS password field as indicated in the doc.

    Can anyone please help me figure out what the actual and correct DSN or DNS will look like? Some examples would be very helpful, as I can just follow the same structure.

    Thanks

    guidance 
    opened by jhwang09 24
  • Utilize io.Reader not io.ReadSeeker where possible

    Summary

    I noticed the s3 calls are using io.ReadSeeker for Body behind the scenes, which seems to be contributing to a huge waste of memory for general use cases. The issue is that ReadSeeker needs to persist bytes so that it can seek backwards, while the io.Reader interface can garbage collect bytes once it has read them, allowing it to Stream data from network or disk.

    Observed

    Using the s3 api for a web service which uses PutObject to place a file into s3, the file must be fully loaded into memory using io.ReadSeeker. For large objects (300MB) this meant a RAM use of about > 700MB.

    Expected

    The io.Reader interface should stream input bytes and allow them to be garbage collected once Read (and presumably written to s3).

    Additional Information

    Replacing aws-sdk-go with mitchellh/goamz dropped my RAM use per 300MB request from 700MB to ~8MB. I have a minimal test case to demonstrate this, if desired.

    feature-request 
    opened by DavidJFelix 24
  • endpoints: lazy load partitions to shave off more than 2.5MiB in binary size

    Describe the bug

    While examining a cosmos-sdk performance bug in https://github.com/cosmos/cosmos-sdk/issues/11382, I noticed that aws-sdk-go/aws/endpoints.init shows up in a bunch of profiles and that's quite noisy.

    The cause of that RAM bloat is that hashicorp/go-getter just importing aws-sdk-go/aws/endpoints requires initializing the variables in there, and alas the partition initializations are quite massive.

    Expected Behavior

    No RAM bloat expected until any of those partitions are needed. The binary should only be 1.8MiB or so given this code

    package main
    
    import _ "github.com/aws/aws-sdk-go/aws/endpoints"
    
    func main() {
    	println("importsbin")
    }
    

    Current Behavior

    The binary size from the repro is 4.5MiB on my Mac

    Reproduction Steps

    Build this binary

    package main
    
    import _ "github.com/aws/aws-sdk-go/aws/endpoints"
    
    func main() {
    	println("importsbin")
    }
    

    then run before and after initializing those partition variables lazily

    go build -o bin/imbin_after ./cmd/importsbin/ && ls -lrth bin/
    

    Possible Solution

    Add the ability to lazily initialize using sync.Once and make initializers inside Default*Partition values so that the generated code will look like this

     func DefaultPartitions() []Partition {
    +       initDefaultPartitions()
            return defaultPartitions.Partitions()
     }
     
    +var initDefaultPartitionsOnce sync.Once
    +
    +func initDefaultPartitions() {
    +       initDefaultPartitionsOnce.Do(func() {
    +               initAWSPartition()
    +               initAWSCnPartition()
    +               initAWSUSGovPartition()
    +               initAWSISOPartition()
    +               initAWSISOBPartition()
    +       })
    +}
    +
     var defaultPartitions = partitions{
            awsPartition,
            awscnPartition,
    @@ -93,31662 +108,31697 @@ var defaultPartitions = partitions{
     
     // AwsPartition returns the Resolver for AWS Standard.
     func AwsPartition() Partition {
    +       if awsPartition.ID == "" {
    +               initAWSPartition()
    +       }index 4a1a0f9ef..660cb0321 100644
    --- a/aws/endpoints/defaults.go
    +++ b/aws/endpoints/defaults.go
    @@ -4,6 +4,7 @@ package endpoints
     
     import (
            "regexp"
    +       "sync"
     )
     
     // Partition identifiers
    @@ -69,20 +70,34 @@ const (
     //
     // Use DefaultPartitions() to get the list of the default partitions.
     func DefaultResolver() Resolver {
    +       initDefaultPartitions()
            return defaultPartitions
     }
     
     // DefaultPartitions returns a list of the partitions the SDK is bundled
     // with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
     //
    -//    partitions := endpoints.DefaultPartitions
    -//    for _, p := range partitions {
    -//        // ... inspect partitions
    -//    }
    +//     partitions := endpoints.DefaultPartitions
    +//     for _, p := range partitions {
    +//         // ... inspect partitions
    +//     }
     func DefaultPartitions() []Partition {
    +       initDefaultPartitions()
            return defaultPartitions.Partitions()
     }
     
    +var initDefaultPartitionsOnce sync.Once
    +
    +func initDefaultPartitions() {
    +       initDefaultPartitionsOnce.Do(func() {
    +               initAWSPartition()
    +               initAWSCnPartition()
    +               initAWSUSGovPartition()
    +               initAWSISOPartition()
    +               initAWSISOBPartition()
    +       })
    +}
    +
     var defaultPartitions = partitions{
            awsPartition,
            awscnPartition,
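    Review bot: `defaultPartitions` is still a package-level composite literal built from `awsPartition`, `awscnPartition`, and so on, so its elements are captured at package init, before `initDefaultPartitions()` has run. If `partitions` stores these by value, what `DefaultResolver()` and `DefaultPartitions()` return will not see what the init functions fill in later; either build the slice inside the `sync.Once` or have the init functions write into the slice elements. Also, the re-indented doc comment still reads `partitions := endpoints.DefaultPartitions` without call parentheses, so the documented example ranges over a function value; make it `endpoints.DefaultPartitions()` while these lines are being touched.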
    @@ -93,31662 +108,31697 @@ var defaultPartitions = partitions{
     
     // AwsPartition returns the Resolver for AWS Standard.
     func AwsPartition() Partition {
    +       if awsPartition.ID == "" {
    +               initAWSPartition()
    +       }
            return awsPartition.Partition()
     }
            return awsPartition.Partition()
     }
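    Review bot: the `awsPartition.ID == ""` guard in `AwsPartition()` is an unsynchronized check-then-init, unlike the `sync.Once` used for `initDefaultPartitions()`. Two goroutines calling `AwsPartition()`, or one calling it while another is inside `initDefaultPartitions()`, can run `initAWSPartition()` concurrently and race on `awsPartition`. Give each partition its own `sync.Once`, or have the accessor call `initDefaultPartitions()`. As pasted, the hunk also ends with `return awsPartition.Partition()` and `}` twice, which would not compile.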
    

    Additional Information/Context

    No response

    SDK version used

    v1.44.39

    Environment details (Version of Go (go version)? OS name and version, etc.)

    go version devel go1.19-7846e25418 Fri Jun 3 00:13:09 2022 +0000 darwin/amd64

    bug needs-triage 
    opened by odeke-em 2
  • Lambda function URLs How to Read Body from Post?

    Describe the issue

    Ex: curl -i -XPOST -H "Content-Type: application/json" https://xxxxxxx.lambda-url.us-east-1.on.aws -d '{"input":"ping"}'

    type Event struct {
        Input string `json:"input"`
    }

    func HandleRequest(event Event) (*Response, error) {
        if len(event.Input) > 0 && event.Input == "ping" {
            return &Response{Msg: "pong"}, nil
        }
        return &Response{Msg: "I don't know"}, nil
    }

    How do I read the body coming from a POST?

    The example above didn't work for the curl payload, but for the event it works 100%.

    Links

    https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html https://docs.aws.amazon.com/lambda/latest/dg/lambda-golang.html

    documentation needs-triage 
    opened by jeffotoni 0
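One way to read the POST body asked about above, as an added example that is not part of the original question or of the SDK. It assumes the function URL event uses payload format version 2.0, where the HTTP body arrives as a string in `body` and may be base64-encoded; `urlEvent`, `decodeBody`, `maxBodyBytes`, `constructedEvent` and the `Response` field tag are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// urlEvent holds the fields of a function URL event that this example reads
// (assumption: payload format version 2.0).
type urlEvent struct {
	Headers         map[string]string `json:"headers"`
	Body            string            `json:"body"`
	IsBase64Encoded bool              `json:"isBase64Encoded"`
}

// Event is the type from the question; Response is assumed to look like this.
type Event struct {
	Input string `json:"input"`
}

type Response struct {
	Msg string `json:"msg"`
}

const maxBodyBytes = 4 << 10 // hypothetical size limit for this example

// decodeBody extracts the HTTP body from the raw event and validates it.
func decodeBody(raw []byte) (Event, error) {
	var ev urlEvent
	if err := json.Unmarshal(raw, &ev); err != nil {
		return Event{}, fmt.Errorf("event is not JSON: %w", err)
	}
	body := []byte(ev.Body)
	if ev.IsBase64Encoded {
		decoded, err := base64.StdEncoding.DecodeString(ev.Body)
		if err != nil {
			return Event{}, fmt.Errorf("body is not valid base64: %w", err)
		}
		body = decoded
	}
	if len(body) == 0 {
		return Event{}, errors.New("event has no body (not a function URL request?)")
	}
	if len(body) > maxBodyBytes {
		return Event{}, errors.New("body too large")
	}
	contentType := ""
	for name, value := range ev.Headers {
		if strings.EqualFold(name, "content-type") {
			contentType = value
		}
	}
	if !strings.HasPrefix(strings.ToLower(contentType), "application/json") {
		return Event{}, fmt.Errorf("unsupported content type %q", contentType)
	}
	// Reject fields the handler does not know instead of ignoring them.
	var in Event
	dec := json.NewDecoder(strings.NewReader(string(body)))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&in); err != nil {
		return Event{}, fmt.Errorf("body is not a valid Event: %w", err)
	}
	return in, nil
}

// HandleRequest keeps the question's logic but starts from the raw event.
func HandleRequest(raw json.RawMessage) (*Response, error) {
	in, err := decodeBody(raw)
	if err != nil {
		return nil, err
	}
	if in.Input == "ping" {
		return &Response{Msg: "pong"}, nil
	}
	return &Response{Msg: "I don't know"}, nil
}

// constructedEvent builds a sample event for the demo; it is not captured traffic.
func constructedEvent(body string, b64 bool) []byte {
	if b64 {
		body = base64.StdEncoding.EncodeToString([]byte(body))
	}
	raw, _ := json.Marshal(urlEvent{
		Headers:         map[string]string{"content-type": "application/json"},
		Body:            body,
		IsBase64Encoded: b64,
	})
	return raw
}

func main() {
	resp, err := HandleRequest(constructedEvent(`{"input":"ping"}`, true))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(resp.Msg)
}
```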
  • [shared defaults] unable to locate files when environment variables are not set

    Describe the bug

    The defaults for SharedCredentialsFilename() and SharedConfigFilename() in internal/shareddefaults/shared_config.go rely on UserHomeDir() to return the home directory of the current user:

    // internal/shareddefaults/shared_config.go
    func UserHomeDir() string {
        if runtime.GOOS == "windows" { // Windows
            return os.Getenv("USERPROFILE")
        }
    
        // *nix
        return os.Getenv("HOME")
    }
    

    When either environment variable is not set, SharedCredentialsFilename() returns ".aws/credentials", and SharedConfigFilename() returns ".aws/config" - relative paths that can not be found.

    Expected Behavior

    Certain test environments, such as e.g. bazel, clear the HOME environment variable, causing tests that rely on the Golang v1 SDK to fail.

    The situation is similar for Windows.

    Other AWS SDKs (botocore, AWS C++ SDK >= 1.9) are resilient against changes in the environment, by looking up user information based on the UID of the user, rather than from the environment.

    Current Behavior

    Clearing $HOME on Linux, or running within bazel test causes the look-up of credential/configuration files ~/.aws/{credentials,config} to fail.

    Reproduction Steps

    Run code compiled against the Golang v1 SDK by clearing the $HOME variable:

    • unset HOME or
    • env -i ./path/to/golang/executable.

    Possible Solution

    The standard library in os/user provides user.Current(), which provides the HomeDir field.

    Additional Information/Context

    Problem is also present in the Golang v2 SDK (same code) -- will create an issue there and refer to here.

    SDK version used

    v1.44.28

    Environment details (Version of Go (go version)? OS name and version, etc.)

    Independent of Go version (= all versions).

    bug needs-triage 
    opened by grrtrr 0
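The fallback proposed in the issue above, as an added sketch (not the SDK's code): the environment is tried first, then `os/user`, and the result is never a relative path, so a process with `HOME` cleared does not end up looking for `.aws/credentials` in its working directory. `homeDir`, `credentialsFilename`, `legacyCredentialsFilename`, `constructedUser` and `emptyEnv` are hypothetical names; rejecting a relative `HOME` is a choice made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/user"
	"path/filepath"
	"runtime"
)

// legacyCredentialsFilename reproduces the behaviour described in the issue
// for *nix: the home directory comes only from the environment.
func legacyCredentialsFilename(getenv func(string) string) string {
	return filepath.Join(getenv("HOME"), ".aws", "credentials")
}

// homeDir resolves the home directory from the environment first and falls
// back to the user database. It never returns a relative path.
func homeDir(goos string, getenv func(string) string,
	current func() (*user.User, error)) (string, error) {
	key := "HOME"
	if goos == "windows" {
		key = "USERPROFILE"
	}
	if dir := getenv(key); filepath.IsAbs(dir) {
		return dir, nil
	}
	u, err := current()
	if err != nil {
		return "", fmt.Errorf("home directory lookup failed: %w", err)
	}
	if !filepath.IsAbs(u.HomeDir) {
		return "", errors.New("user has no absolute home directory")
	}
	return u.HomeDir, nil
}

// credentialsFilename returns an absolute path or an error, never a path
// that would be resolved against the current working directory.
func credentialsFilename(goos string, getenv func(string) string,
	current func() (*user.User, error)) (string, error) {
	home, err := homeDir(goos, getenv, current)
	if err != nil {
		return "", err
	}
	return filepath.Join(home, ".aws", "credentials"), nil
}

// constructedUser returns a fake user lookup for the demo and tests.
// An empty home simulates a failed lookup.
func constructedUser(home string) func() (*user.User, error) {
	return func() (*user.User, error) {
		if home == "" {
			return nil, errors.New("no such user (constructed)")
		}
		return &user.User{Username: "alice", HomeDir: home}, nil
	}
}

// emptyEnv simulates `env -i`: every variable is unset.
func emptyEnv(string) string { return "" }

func main() {
	fmt.Println("legacy, HOME unset:", legacyCredentialsFilename(emptyEnv))
	path, err := credentialsFilename(runtime.GOOS, emptyEnv, user.Current)
	fmt.Println("fallback, HOME unset:", path, err)
	path, err = credentialsFilename(runtime.GOOS, os.Getenv, user.Current)
	fmt.Println("fallback, real env:", path, err)
}
```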
  • Be able to calculate sizes of `PutMetricData` requests client-side

    Describe the feature

    Right now, there is no clear way to know whether a request that is generated client-side will exceed 40 KiB request size limit for PutMetricData requests. Exposing this to clients will allow them to craft requests to PutMetricData that maximize the amount of datapoints per-request without exceeding the per-request limit.

    Use Case

    PutMetricData has many restrictions on its use, specifically:

    • No more than 150 requests per second per-region for a given account
    • No more than 150 datapoints per metric datum in a given request
    • No more than 20 metric datum per request
    • Requests must not exceed 40 KiB in size

    The rate limit motivates clients to pack as many values as possible (3,000) per request, but to do so in a way that does not exceed the 40 kilobyte / request limit. It would be nice if there were a way to expose what the size of a request is client-side so that we don't hit errors like:

    RequestEntityTooLarge: Request size 45305 exceeded 40960 bytes
    status code: 413,
    

    Proposed Solution

    A function should be exposed for a cloudwatch.PutMetricDataInput which calculates the size of the request so that clients can determine whether or not they need to split up a single cloudwatch.PutMetricDataInput into multiple, smaller cloudwatch.PutMetricDataInputs. Additionally, it would be useful to have the size calculated with or without gzip compression enabled.

    Other Information

    No response

    Acknowledgements

    • [ ] I may be able to implement this feature request
    • [ ] This feature might incur a breaking change

    SDK version used

    v1.44.33

    Environment details (Version of Go (go version)? OS name and version, etc.)

    go version go1.17.6 linux/amd64

    feature-request 
    opened by ianvernon 2
  • chore: Set permissions for GitHub actions

    Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won’t be able to do much.

    • Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

    https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

    https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

    Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

    Signed-off-by: naveen [email protected]

    opened by naveensrinivasan 0
  • Application in pod not picking up role from service account

    Describe the bug

    My application (a k8s controller in Go) is running in a pod in AWS EKS. Some information about cluster & AWS Go SDK.

    • EKS version: 1.21
    • eksctl version: 0.77.0
    • AWS Go SDK version: v1.44.28
    • Deploying using kubectl

    I created a service account using eksctl as shown below.

    eksctl create iamserviceaccount --cluster ${EKS_CLUSTER_NAME} \
    	--namespace tel \
    	--name tel-controller-serviceaccount \
    	--attach-policy-arn arn:aws:iam::xxxxxxxxx:policy/telcontrollerRoute53Policy \
    	--override-existing-serviceaccounts --approve
    

    The above role has a policy enabling to execute the route53:ChangeResourceRecordSets action. In addition to the above, the above service account also has some K8s role & rolebinding attached to it during deployment.

    The created service account

    kubectl get sa/tel-controller-serviceaccount -n tel -o yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      annotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::xxxxxxx:role/eksctl-eks-tel-addon-iamserviceaccount-tel-t-Role1-1XSKAF2YBFFUU
      creationTimestamp: "2022-06-10T17:56:32Z"
      labels:
        app.kubernetes.io/managed-by: eksctl
      name: tel-controller-serviceaccount
      namespace: tel
      resourceVersion: "2103"
      uid: ae6d4266-bf8f-4f78-901c-d7363cf406d1
    secrets:
    - name: tel-controller-serviceaccount-token-dc8gr
    

    Describing the pod, shows me the necessary env variables & mounts.

    Environment:
      AWS_DEFAULT_REGION: us-east-1
      AWS_REGION: us-east-1
      AWS_ROLE_ARN: arn:aws:iam::xxxx:role/eksctl-eks-tel-addon-iamserviceaccount-tel-t-Role1-1XSKAF2YBFFUU
      AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
    Mounts:
      /var/run/secrets/eks.amazonaws.com/serviceaccount from aws-iam-token (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-mwpzr (ro)

    In addition to the above, for debugging, I added code to read the content of the above token file (hardcoded the above file name in code) & also get the caller identity (GetCallerIdentity()). I was able to read the token file from the above location, so it is not an access problem. The decoded JWT token shows this:

    {
      "aud": [ "sts.amazonaws.com" ],
      "exp": 1654970669,
      "iat": 1654884269,
      "iss": "https://oidc.eks.us-east-1.amazonaws.com/id/xxxxxxxxxxxxxxxxxxxx",
      "kubernetes.io": {
        "namespace": "tel",
        "pod": {
          "name": "tel-controller-64747b9b67-8gr88",
          "uid": "39b0d09b-e187-4ae0-8ff0-8b66b48e7027"
        },
        "serviceaccount": {
          "name": "tel-controller-serviceaccount",
          "uid": "ae6d4266-bf8f-4f78-901c-d7363cf406d1"
        }
      },
      "nbf": 1654884269,
      "sub": "system:serviceaccount:tel:tel-controller-serviceaccount"
    }

    It looks correct to me.

    Expected Behavior

    Calling GetCallerIdentity() should have returned role set to the one set in AWS_ROLE_ARN - the IAM role attached to service account.

    Current Behavior

    Calling GetCallerIdentity() returns -

    {
      Account: "xxxxxxxxx",
      Arn: "arn:aws:sts::xxxxxxxxx:assumed-role/eksctl-eks-tel-nodegroup-voice-NodeInstanceRole-1UTZ668NI10S8/i-0cdb286a5811595a7",
      UserId: "AROAZUYK7F2GVF6F64MH7:i-0cdb286a5811595a7"
    }

    which is the nodegroup role of the EKS cluster.

    Reproduction Steps

    • create an IAM policy with some permissions. For my application it is named telcontrollerRoute53Policy and contains below permissions
    {  
        "Version": "2012-10-17",  
        "Statement": [  
            {  
                "Sid": "VisualEditor0",  
                "Effect": "Allow",  
                "Action": "route53:ChangeResourceRecordSets",  
                "Resource": "*"  
            }  
        ]  
    }  
    
    • create service account. I used eksctl to do so

    eksctl create iamserviceaccount --cluster ${EKS_CLUSTER_NAME} \
    	--namespace tel \
    	--name tel-controller-serviceaccount \
    	--attach-policy-arn arn:aws:iam::xxxxxxxxx:policy/telcontrollerRoute53Policy \
    	--override-existing-serviceaccounts --approve

    • my cluster role & cluster role binding attached to the above service account.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: tel-controller-role
      labels:
        app: tel-controller
    rules:
    - apiGroups: [""]
      resources: [events]
      verbs: [create, delete, get, list, update, watch]
    - apiGroups: ["networking.k8s.io"]
      resources: [ingressclasses]
      verbs: [get, list]
    - apiGroups: ["", "networking.k8s.io"]
      resources: [services, ingresses]
      verbs: [create, get, list, patch, update, delete, watch]
    - apiGroups: [""]
      resources: [configmaps]
      verbs: [create, delete, get, update]
    - apiGroups: ["coordination.k8s.io"]
      resources: ["leases"]
      verbs: [get, create, update]
    - apiGroups: [""]
      resources: [pods]
      verbs: [get, list, watch, update]
    - apiGroups: ["", "networking.k8s.io"]
      resources: [services/status, ingresses/status]
      verbs: [update, patch]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: tel-controller-rolebinding
      labels:
        app: tel-controller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: tel-controller-role
    subjects:
    - kind: ServiceAccount
      name: tel-controller-serviceaccount
      namespace: tel
    

    SSCCE code including rbac.yaml & deployment.yaml at https://github.com/anshumanr/sa

    Possible Solution

    No response

    Additional Information/Context

    No response

    SDK version used

    v1.44.28

    Environment details (Version of Go (go version)? OS name and version, etc.)

    go version go1.17.8 linux/amd64

    bug needs-triage 
    opened by anshumanr 3
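The symptom reported above, a pod with the web identity variables set whose caller identity is still the node group role, can be checked mechanically. This is an added diagnostic sketch, not code from the issue or the SDK: all function names are hypothetical, the account ID and token are constructed, and treating a session name that starts with `i-` as an EC2 instance ID is a heuristic.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

type roleRef struct{ Account, Role, Session string }

// splitARN returns the account ID and resource part of an ARN for service.
func splitARN(arn, service string) (account, resource string, err error) {
	p := strings.SplitN(arn, ":", 6)
	if len(p) != 6 || p[0] != "arn" || p[2] != service {
		return "", "", fmt.Errorf("not an %s ARN: %q", service, arn)
	}
	return p[4], p[5], nil
}

// parseRoleARN handles arn:aws:iam::ACCOUNT:role/[PATH/]NAME. The path is
// dropped because it does not appear in the assumed-role ARN.
func parseRoleARN(arn string) (roleRef, error) {
	account, res, err := splitARN(arn, "iam")
	if err != nil {
		return roleRef{}, err
	}
	name := res[strings.LastIndex(res, "/")+1:]
	if !strings.HasPrefix(res, "role/") || name == "" {
		return roleRef{}, fmt.Errorf("not a role ARN: %q", arn)
	}
	return roleRef{Account: account, Role: name}, nil
}

// parseCallerARN handles arn:aws:sts::ACCOUNT:assumed-role/NAME/SESSION.
func parseCallerARN(arn string) (roleRef, error) {
	account, res, err := splitARN(arn, "sts")
	if err != nil {
		return roleRef{}, err
	}
	p := strings.Split(res, "/")
	if len(p) != 3 || p[0] != "assumed-role" {
		return roleRef{}, fmt.Errorf("not an assumed-role ARN: %q", arn)
	}
	return roleRef{Account: account, Role: p[1], Session: p[2]}, nil
}

type tokenClaims struct {
	Aud []string `json:"aud"`
	Sub string   `json:"sub"`
}

// unverifiedClaims decodes the JWT payload without checking the signature:
// enough for diagnostics, never for an authorization decision.
func unverifiedClaims(token string) (tokenClaims, error) {
	var c tokenClaims
	seg := strings.Split(strings.TrimSpace(token), ".")
	if len(seg) != 3 {
		return c, errors.New("not a three-part JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(seg[1])
	if err != nil {
		return c, fmt.Errorf("payload: %w", err)
	}
	return c, json.Unmarshal(raw, &c)
}

// checkIRSA returns one finding per problem; no findings means the caller
// identity is the role named in AWS_ROLE_ARN and the token looks right.
func checkIRSA(roleARN, token, callerARN, namespace, serviceAccount string) []string {
	want, err := parseRoleARN(roleARN)
	if err != nil {
		return []string{"AWS_ROLE_ARN: " + err.Error()}
	}
	got, err := parseCallerARN(callerARN)
	if err != nil {
		return []string{"caller identity: " + err.Error()}
	}
	claims, err := unverifiedClaims(token)
	if err != nil {
		return []string{"token: " + err.Error()}
	}
	var findings []string
	if sub := "system:serviceaccount:" + namespace + ":" + serviceAccount; claims.Sub != sub {
		findings = append(findings, fmt.Sprintf("token sub is %q, expected %q", claims.Sub, sub))
	}
	audOK := false
	for _, a := range claims.Aud {
		audOK = audOK || a == "sts.amazonaws.com"
	}
	if !audOK {
		findings = append(findings, "token aud lacks sts.amazonaws.com")
	}
	if got.Account != want.Account || got.Role != want.Role {
		findings = append(findings, fmt.Sprintf(
			"caller is role %q, not %q: web identity credentials are not in use", got.Role, want.Role))
	}
	if strings.HasPrefix(got.Session, "i-") { // heuristic, see lead-in
		findings = append(findings, "session name looks like an EC2 instance ID: credentials come from the node instance profile")
	}
	return findings
}

// constructedToken builds an unsigned sample JWT; it is not a real token.
func constructedToken(sub string) string {
	enc := base64.RawURLEncoding.EncodeToString
	payload, _ := json.Marshal(tokenClaims{Aud: []string{"sts.amazonaws.com"}, Sub: sub})
	return enc([]byte(`{"alg":"none"}`)) + "." + enc(payload) + "." + enc([]byte("sig"))
}

// Role names are from the report; account 111122223333 is constructed.
const (
	sampleRoleARN   = "arn:aws:iam::111122223333:role/eksctl-eks-tel-addon-iamserviceaccount-tel-t-Role1-1XSKAF2YBFFUU"
	sampleCallerARN = "arn:aws:sts::111122223333:assumed-role/eksctl-eks-tel-nodegroup-voice-NodeInstanceRole-1UTZ668NI10S8/i-0cdb286a5811595a7"
)

func main() {
	tok := constructedToken("system:serviceaccount:tel:tel-controller-serviceaccount")
	for _, f := range checkIRSA(sampleRoleARN, tok, sampleCallerARN, "tel", "tel-controller-serviceaccount") {
		fmt.Println("finding:", f)
	}
}
```

Run inside the pod, the inputs would be `AWS_ROLE_ARN`, the contents of the file named by `AWS_WEB_IDENTITY_TOKEN_FILE`, and the `Arn` returned by `GetCallerIdentity()`.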
Releases(v1.44.42)
  • v1.44.42(Jun 24, 2022)

    Release v1.44.42 (2022-06-24)

    Service Client Updates

    • service/glue: Updates service API and documentation
      • This release enables the new ListCrawls API for viewing the AWS Glue Crawler run history.
    • service/rds-data: Updates service documentation
  • v1.44.41(Jun 23, 2022)

    Release v1.44.41 (2022-06-23)

    Service Client Updates

    • service/lookoutequipment: Updates service API, documentation, and paginators
    • service/mediaconvert: Updates service documentation
      • AWS Elemental MediaConvert SDK has released support for automatic DolbyVision metadata generation when converting HDR10 to DolbyVision.
    • service/mgn: Updates service API, documentation, and paginators
    • service/migration-hub-refactor-spaces: Updates service API and documentation
    • service/sagemaker: Updates service API and documentation
      • SageMaker Ground Truth now supports Virtual Private Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.
  • v1.44.40(Jun 22, 2022)

    Release v1.44.40 (2022-06-22)

    Service Client Updates

    • service/apigateway: Updates service documentation
      • Documentation updates for Amazon API Gateway
    • service/pricing: Updates service API and documentation
    • service/transfer: Updates service API and documentation
      • Until today, the service supported only RSA host keys and user keys. Now with this launch, Transfer Family has expanded the support for ECDSA and ED25519 host keys and user keys, enabling customers to support a broader set of clients by choosing RSA, ECDSA, and ED25519 host and user keys.
  • v1.44.39(Jun 21, 2022)

    Release v1.44.39 (2022-06-21)

    Service Client Updates

    • service/ec2: Updates service API and documentation
      • This release adds support for Private IP VPNs, a new feature allowing S2S VPN connections to use private ip addresses as the tunnel outside ip address over Direct Connect as transport.
    • service/ecs: Updates service documentation
      • Amazon ECS UpdateService now supports the following parameters: PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
    • service/wellarchitected: Updates service API and documentation
  • v1.44.38(Jun 20, 2022)

    Release v1.44.38 (2022-06-20)

    Service Client Updates

    • service/ds: Updates service API and documentation
      • This release adds support for describing and updating AWS Managed Microsoft AD settings
    • service/kafka: Updates service documentation
    • service/outposts: Updates service API and documentation
  • v1.44.37(Jun 17, 2022)

    Release v1.44.37 (2022-06-17)

    Service Client Updates

    • service/connect: Updates service API
    • service/connectcampaigns: Adds new service
    • service/dynamodb: Updates service API, documentation, waiters, paginators, and examples
      • Doc only update for DynamoDB service
    • service/streams.dynamodb: Updates service documentation
  • v1.44.36(Jun 16, 2022)

    Release v1.44.36 (2022-06-16)

    Service Client Updates

    • service/redshift-data: Updates service API and documentation
    • service/redshiftserverless: Adds new service
    • service/secretsmanager: Updates service documentation
      • Documentation updates for Secrets Manager
    • service/securityhub: Updates service API and documentation
  • v1.44.35(Jun 15, 2022)

    Release v1.44.35 (2022-06-15)

    Service Client Updates

    • service/finspace-data: Updates service API and documentation
    • service/guardduty: Updates service API and documentation
      • Adds finding fields available from GuardDuty Console. Adds FreeTrial related operations. Deprecates the use of various APIs related to Master Accounts and Replace them with Administrator Accounts.
    • service/servicecatalog-appregistry: Updates service API, documentation, and paginators
    • service/workspaces: Updates service API and documentation
      • Added new field "reason" to OperationNotSupportedException. Receiving this exception in the DeregisterWorkspaceDirectory API will now return a reason giving more context on the failure.
  • v1.44.34(Jun 14, 2022)

    Release v1.44.34 (2022-06-14)

    Service Client Updates

    • service/budgets: Updates service API and documentation
      • Add a budgets ThrottlingException. Update the CostFilters value pattern.
    • service/lookoutmetrics: Updates service API and documentation
    • service/mediaconvert: Updates service API and documentation
      • AWS Elemental MediaConvert SDK has added support for rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
  • v1.44.33(Jun 13, 2022)

  • v1.44.32(Jun 10, 2022)

  • v1.44.31(Jun 9, 2022)

  • v1.44.30(Jun 8, 2022)

    Release v1.44.30 (2022-06-08)

    Service Client Updates

    • service/dms: Updates service API, documentation, and paginators
      • This release adds DMS Fleet Advisor APIs and exposes functionality for DMS Fleet Advisor. It adds functionality to create and modify fleet advisor instances, and to collect and analyze information about the local data infrastructure.
    • service/iam: Updates service documentation
      • Documentation updates for AWS Identity and Access Management (IAM).
    • service/m2: Updates service API, documentation, paginators, and examples
    • service/neptune: Updates service API and documentation
      • This release adds support for Neptune to be configured as a global database, with a primary DB cluster in one region, and up to five secondary DB clusters in other regions.
    • service/redshift: Updates service API and documentation
      • Adds new API GetClusterCredentialsWithIAM to return temporary credentials.
    • service/redshift-serverless: Adds new service
  • v1.44.29(Jun 7, 2022)

    Release v1.44.29 (2022-06-07)

    Service Client Updates

    • service/auditmanager: Updates service API and documentation
    • service/ce: Updates service API, documentation, and paginators
  • v1.44.28(Jun 6, 2022)

    Release v1.44.28 (2022-06-06)

    Service Client Updates

    • service/chime-sdk-messaging: Updates service API, documentation, and paginators
    • service/connect: Updates service API, documentation, and paginators

    SDK Enhancements

    • service/cloudwatch: Add helper to send request payload as GZIP content encoding
      • Adds a new helper, WithGzipRequest, to the cloudwatch package. The helper configures the payload to be sent with content-encoding: gzip. It is supported by operations like PutMetricData. See the service's API Reference documentation for the other supported operations.
  • v1.44.27(Jun 2, 2022)

    Release v1.44.27 (2022-06-02)

    Service Client Updates

    • service/application-insights: Updates service API and documentation
    • service/codeartifact: Updates service documentation
    • service/connect: Updates service API, documentation, and paginators
    • service/kendra: Updates service API and documentation
      • Amazon Kendra now provides a data source connector for GitHub. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
    • service/proton: Updates service API, documentation, waiters, and paginators
    • service/voice-id: Updates service API and documentation
  • v1.44.26(Jun 1, 2022)

    Release v1.44.26 (2022-06-01)

    Service Client Updates

    • service/backup-gateway: Updates service API and documentation
    • service/chime-sdk-meetings: Updates service API and documentation
    • service/forecast: Updates service API and documentation
    • service/route53: Updates service API, documentation, and paginators
      • Add new APIs to support Route 53 IP Based Routing
  • v1.44.25(May 31, 2022)

    Release v1.44.25 (2022-05-31)

    Service Client Updates

    • service/cognito-idp: Updates service API and documentation
    • service/drs: Updates service API, documentation, and paginators
    • service/iotsitewise: Updates service API and documentation
    • service/lookoutmetrics: Updates service API and documentation
    • service/sagemaker: Updates service API
      • Amazon SageMaker Notebook Instances now support Jupyter Lab 3.
    • service/transcribe: Updates service API and documentation
  • v1.44.24(May 27, 2022)

    Release v1.44.24 (2022-05-27)

    Service Client Updates

    • service/appflow: Updates service API and documentation
    • service/datasync: Updates service API, documentation, and paginators
    • service/emr-serverless: Adds new service
    • service/sagemaker: Updates service API and documentation
      • Amazon SageMaker Notebook Instances now allow configuration of the Instance Metadata Service version, and Amazon SageMaker Studio now supports G5 instance types.
  • v1.44.23(May 26, 2022)

    Release v1.44.23 (2022-05-26)

    Service Client Updates

    • service/ec2: Updates service API
      • C7g instances, powered by the latest generation AWS Graviton3 processors, provide the best price performance in Amazon EC2 for compute-intensive workloads.
    • service/emr-serverless: Adds new service
    • service/forecast: Updates service API and documentation
    • service/lightsail: Updates service API and documentation
      • Amazon Lightsail now supports the ability to configure a Lightsail Container Service to pull images from Amazon ECR private repositories in your account.

    SDK Bugs

    • service/cloudwatchevidently: Introduces a breaking change that changes the following parameters from a JSONValue to a string type, because the SDK's JSONValue is not compatible with the service's request and response shapes.
      • EvaluateFeatureInput.EvaluationContext
      • EvaluateFeatureOutput.Details
      • EvaluationRequest.EvaluationContext
      • EvaluationResult.Details
      • Event.Data
      • ExperimentReport.Content
      • MetricDefinition.EventPattern
      • MetricDefinitionConfig.EventPattern
  • v1.44.22(May 25, 2022)

    Release v1.44.22 (2022-05-25)

    Service Client Updates

    • service/apigateway: Updates service documentation
      • Documentation updates for Amazon API Gateway
    • service/apprunner: Updates service documentation
    • service/cloudformation: Updates service API and documentation
      • Add a new parameter statusReason to DescribeStackSetOperation output for additional details
    • service/fsx: Updates service API and documentation
    • service/lookoutmetrics: Updates service API and documentation
    • service/sagemaker: Updates service API and documentation
      • Amazon SageMaker Autopilot adds support for manually selecting features from the input dataset using the CreateAutoMLJob API.
    • service/secretsmanager: Updates service documentation
      • Documentation updates for Secrets Manager
    • service/voice-id: Updates service API, documentation, and paginators
  • v1.44.21(May 24, 2022)

    Release v1.44.21 (2022-05-24)

    Service Client Updates

    • service/cognito-idp: Updates service API and documentation
    • service/ec2: Updates service API and documentation
      • Stop Protection feature enables customers to protect their instances from accidental stop actions.
    • service/ivschat: Updates service documentation
    • service/mediaconvert: Updates service API and documentation
      • AWS Elemental MediaConvert SDK has added support for rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
    • service/networkmanager: Updates service API and documentation
  • v1.44.20(May 23, 2022)

    Release v1.44.20 (2022-05-23)

    Service Client Updates

    • service/elasticache: Updates service API and documentation
      • Added support for encryption in transit for Memcached clusters. Customers can now launch a Memcached cluster with encryption in transit enabled when using Memcached version 1.6.12 or later.
    • service/forecast: Updates service API, documentation, and paginators
    • service/personalize: Updates service API and documentation
  • v1.44.19(May 20, 2022)

    Release v1.44.19 (2022-05-20)

    Service Client Updates

    • service/comprehend: Updates service API and documentation
    • service/logs: Updates service documentation
      • Doc-only update to publish the new valid values for log retention
  • v1.44.18(May 19, 2022)

    Release v1.44.18 (2022-05-19)

    Service Client Updates

    • service/gamesparks: Updates service API and documentation
    • service/lookoutmetrics: Updates service API and documentation
  • v1.44.17(May 18, 2022)

    Release v1.44.17 (2022-05-18)

    Service Client Updates

    • service/appmesh: Updates service API and documentation
    • service/batch: Updates service documentation
      • Documentation updates for AWS Batch.
    • service/greengrassv2: Updates service API and documentation
    • service/iotevents-data: Updates service API and documentation
    • service/quicksight: Updates service API and documentation
      • The UpdatePublicSharingSettings API lets IAM admins enable or disable the account-level setting for public access to dashboards. When enabled, owners and co-owners of dashboards can enable public access on their dashboards. These dashboards can only be accessed through a share link or embedding.
    • service/transfer: Updates service API and documentation
      • AWS Transfer Family now supports the SetStat server configuration option, which provides the ability to ignore the SetStat command issued by file transfer clients, enabling customers to upload files without any errors.
  • v1.44.16(May 17, 2022)

    Release v1.44.16 (2022-05-17)

    Service Client Updates

    • service/glue: Updates service API and documentation
      • This release adds a new optional parameter called codeGenNodeConfiguration to CRUD job APIs that allows users to manage visual jobs via APIs. The updated CreateJob and UpdateJob will create jobs that can be viewed in Glue Studio as a visual graph. GetJob can be used to get codeGenNodeConfiguration.
    • service/kms: Updates service documentation
      • Add HMAC best practice tip, annual rotation of AWS managed keys.
  • v1.44.15(May 16, 2022)

    Release v1.44.15 (2022-05-16)

    Service Client Updates

    • service/cloudfront: Updates service API and documentation
      • Introduced a new error (TooLongCSPInResponseHeadersPolicy) that is returned when the value of the Content-Security-Policy header in a response headers policy exceeds the maximum allowed length.
    • service/discovery: Updates service API and documentation
      • Add Migration Evaluator Collector details to the GetDiscoverySummary API response
    • service/rekognition: Updates service documentation
      • Documentation updates for Amazon Rekognition.
    • service/resiliencehub: Updates service API and documentation
    • service/servicecatalog: Updates service documentation
      • Updated the descriptions for the ListAcceptedPortfolioShares API description and the PortfolioShareType parameters.
    • service/sts: Updates service documentation
      • Documentation updates for AWS Security Token Service.
    • service/workspaces-web: Updates service API and documentation
  • v1.44.14(May 13, 2022)

  • v1.44.13(May 12, 2022)

    Release v1.44.13 (2022-05-12)

    Service Client Updates

    • service/ec2: Updates service API and documentation
      • This release introduces a target type Gateway Load Balancer Endpoint for mirrored traffic. Customers can now specify GatewayLoadBalancerEndpoint option during the creation of a traffic mirror target.
    • service/finspace-data: Updates service documentation
    • service/iot: Updates service documentation
      • Documentation update for China region ListMetricValues for IoT
    • service/ivschat: Updates service API and documentation
    • service/kendra: Updates service API and documentation
      • Amazon Kendra now provides a data source connector for Jira. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-jira.html
    • service/lambda: Updates service API and documentation
      • Lambda releases NodeJs 16 managed runtime to be available in all commercial regions.
    • service/lightsail: Updates service API and documentation
      • This release adds support to include inactive database bundles in the response of the GetRelationalDatabaseBundles request.
    • service/outposts: Updates service documentation
    • service/ssm-incidents: Updates service API and documentation
    • service/transfer: Updates service documentation
      • AWS Transfer Family now accepts ECDSA keys for server host keys
    • service/workspaces: Updates service API
      • Increased the character limit of the login message from 600 to 850 characters.