Documentation
Overview
Package aws abstracts interaction with certain aspects of AWS, such as creating IAM roles and users, account keys, and access tokens.
Constants
const (
	// TemporaryCredMaxTTL is the maximum TTL for an AWS access token.
	TemporaryCredMaxTTL = 12 * time.Hour
	// S3ItemFormat is the canonical item format identifier for S3 buckets.
	S3ItemFormat = "s3bucket"
	// RedshiftItemFormat is the canonical item format identifier for Redshift clusters.
	RedshiftItemFormat = "redshift"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type APIClient
type APIClient interface {
	ListUsers(input *iam.ListUsersInput) (*iam.ListUsersOutput, error)
	ListAccessKeys(input *iam.ListAccessKeysInput) (*iam.ListAccessKeysOutput, error)
	DeleteAccessKey(input *iam.DeleteAccessKeyInput) (*iam.DeleteAccessKeyOutput, error)
	GetCallerIdentity(input *sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
	AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
	CreateAccessKey(input *iam.CreateAccessKeyInput) (*iam.CreateAccessKeyOutput, error)
	PutRolePolicy(input *iam.PutRolePolicyInput) (*iam.PutRolePolicyOutput, error)
	PutUserPolicy(input *iam.PutUserPolicyInput) (*iam.PutUserPolicyOutput, error)
	GetUser(input *iam.GetUserInput) (*iam.GetUserOutput, error)
	CreateUser(input *iam.CreateUserInput) (*iam.CreateUserOutput, error)
	GetRole(input *iam.GetRoleInput) (*iam.GetRoleOutput, error)
	CreateRole(input *iam.CreateRoleInput) (*iam.CreateRoleOutput, error)
}
APIClient is a wrapper around the AWS SDK that can be mocked for unit testing.
func NewAPIClient
NewAPIClient creates a new APIClient that delegates to the AWS SDK using the default AWS credentials provider.
type AccountWarehouse
type AccountWarehouse struct {
// contains filtered or unexported fields
}
AccountWarehouse is used to create AWS IAM users and temporary credentials.
func NewWarehouse
func NewWarehouse(_ context.Context, awsClient APIClient) (*AccountWarehouse, error)
NewWarehouse creates a new AccountWarehouse using the provided client and options.
func (*AccountWarehouse) GetAwsAccount
func (wh *AccountWarehouse) GetAwsAccount() string
GetAwsAccount returns the AWS account used by this AccountWarehouse for creating IAM users, roles, and policies.
func (*AccountWarehouse) MintTokenWithTTL
func (wh *AccountWarehouse) MintTokenWithTTL(ctx context.Context, params *ResourceParams) (*ResourceTokenResult, error)
MintTokenWithTTL returns an AccountKey or an AccessToken depending on the TTL requested.
type ResourceParams
type ResourceParams struct {
	UserID                string
	TTL                   time.Duration
	MaxKeyTTL             time.Duration
	ManagedKeysPerAccount int
	Vars                  map[string]string
	TargetRoles           []string
	TargetScopes          []string
	DamResourceID         string
	DamViewID             string
	DamRoleID             string
	ServiceTemplate       *pb.ServiceTemplate
}
ResourceParams contains all the arguments necessary to call MintTokenWithTTL on an AWS AccountWarehouse.