Documentation
Index
- func DecodePEMAndParseCertificate(certificate string) (*x509.Certificate, error)
- func GetIamInstanceProfileARN(instance *ec2.Instance) (string, error)
- func GetInstance(output *ec2.DescribeInstancesOutput) (*ec2.Instance, error)
- func GetInstanceId(instance *ec2.Instance) (string, error)
- func GetInstanceIdentityDocument(sess *session.Session) (doc ec2metadata.EC2InstanceIdentityDocument, err error)
- func GetPrivateIPAddress(instance *ec2.Instance) (string, error)
- func GetPublicIPAddress(instance *ec2.Instance) (string, error)
- func GetTags(instance *ec2.Instance) ([]*ec2.Tag, error)
- func ValidateInstance(output *ec2.DescribeInstancesOutput, doc IdentityDocument, remoteAddr string) (role string, err error)
- type IdentityDocument
Functions
func DecodePEMAndParseCertificate
func DecodePEMAndParseCertificate(certificate string) (*x509.Certificate, error)
DecodePEMAndParseCertificate decodes the PEM-encoded certificate and parses it into an x509 certificate.
func GetIamInstanceProfileARN
GetIamInstanceProfileARN extracts the ARN from the `instance` output of a call to DescribeInstances. The ARN is expected to be non-empty.
func GetInstance
func GetInstance(output *ec2.DescribeInstancesOutput) (*ec2.Instance, error)
func GetInstanceId
GetInstanceId returns the instanceID from the output of a call to DescribeInstances Instance.
func GetInstanceIdentityDocument
func GetInstanceIdentityDocument(sess *session.Session) (doc ec2metadata.EC2InstanceIdentityDocument, err error)
GetInstanceIdentityDocument returns the EC2 Instance ID document (if the current process is running within an EC2 instance) or an error. Unlike the SDK's implementation, this will use longer timeouts and multiple retries to improve the reliability of getting the Instance ID document. The first result, whether success or failure, is cached for the lifetime of the process.
func GetPrivateIPAddress
GetPrivateIPAddress extracts the private IP address from the output of a call to DescribeInstances Instance. The response is expected to be the first private IP attached to the instance. If the instance has no attached interfaces, the value is empty ("").
func GetPublicIPAddress
GetPublicIPAddress extracts the public IP address from the output of a call to DescribeInstances Instance. The response is expected to be non-empty if the instance has a public IP and empty ("") if the instance is private.
func ValidateInstance
func ValidateInstance(output *ec2.DescribeInstancesOutput, doc IdentityDocument, remoteAddr string) (role string, err error)
ValidateInstance checks that an EC2 instance exists and that it has the expected IP. It returns the name of the instance profile (the IAM role).
Note that this validation will not work for NATed VMs.
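The check described above, as an added sketch that is not this package's code: it assumes the validation compares the identity document's instance ID and the caller's address against the instance's own addresses, and it uses a hypothetical `instanceView` struct and `checkInstance` function in place of the SDK types. The second call in `main` shows the NAT limitation: the server sees the NAT's address as the peer, so the comparison fails.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// instanceView is a hypothetical stand-in for the *ec2.Instance fields the check needs.
type instanceView struct {
	InstanceID, PrivateIP, PublicIP, ProfileARN string
}

// checkInstance (hypothetical, assumed logic) returns the instance profile name
// only if the document's instance ID and the peer address both match the instance.
func checkInstance(inst instanceView, docInstanceID, remoteAddr string) (string, error) {
	if inst.InstanceID == "" || inst.InstanceID != docInstanceID {
		return "", errors.New("instance ID mismatch")
	}
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // address given without a port
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return "", fmt.Errorf("invalid remote address %q", remoteAddr)
	}
	matched := false
	for _, c := range []string{inst.PrivateIP, inst.PublicIP} {
		if p := net.ParseIP(c); p != nil && p.Equal(ip) {
			matched = true
		}
	}
	if !matched {
		return "", fmt.Errorf("remote address %s does not belong to %s", ip, inst.InstanceID)
	}
	// Profile ARN shape: arn:aws:iam::<account>:instance-profile/<name>
	i := strings.LastIndex(inst.ProfileARN, "/")
	if i < 0 || i == len(inst.ProfileARN)-1 {
		return "", errors.New("instance has no usable instance profile")
	}
	return inst.ProfileARN[i+1:], nil
}

func main() {
	// Constructed sample values, not taken from a real account.
	inst := instanceView{"i-0123456789abcdef0", "10.0.1.17", "", "arn:aws:iam::123456789012:instance-profile/web"}
	fmt.Println(checkInstance(inst, inst.InstanceID, "10.0.1.17:44321"))   // direct connection
	fmt.Println(checkInstance(inst, inst.InstanceID, "203.0.113.9:51000")) // seen through a NAT
}
```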
Types
type IdentityDocument
type IdentityDocument struct {
	InstanceID  string    `json:"instanceId,omitempty"`
	AccountID   string    `json:"accountId,omitempty"`
	Region      string    `json:"region,omitempty"`
	PendingTime time.Time `json:"pendingTime,omitempty"`
}
func ParseAndVerifyIdentityDocument
func ParseAndVerifyIdentityDocument(pkcs7b64 string) (*IdentityDocument, string, error)
ParseAndVerifyIdentityDocument parses and checks an identity document in PKCS#7 format. Only some relevant fields are returned.