aws-sts-helper/index.js
Colby Gutierrez-Kraybill ed13179dc4 First commit
2018-08-15 23:51:03 -04:00


const aws = require('aws-sdk');
const fs = require('fs');
const defaults = require('lodash').defaults;
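/**
 * Reports whether a cached STS AssumeRole response must be refreshed.
 *
 * The cache file is read back as text, so both the parsed response object and
 * its JSON string are accepted. Any record whose expiry cannot be established
 * (unparseable text, missing `Credentials`, missing or invalid date) is
 * reported as expired, so the caller requests fresh credentials instead of
 * handing out a record it cannot vouch for.
 *
 * @param {object|string|null|undefined} c - AssumeRole response or its JSON text.
 * @returns {boolean} true when the record is expired or unusable, false otherwise.
 */
const credentialsExpired = c => {
  let record = c;
  if (typeof record === 'string') {
    try {
      record = JSON.parse(record);
    } catch (parseError) {
      // Corrupt or truncated cache: force a refresh.
      return true;
    }
  }

  const credentials = record && record.Credentials;
  if (!credentials) {
    return true;
  }

  // STS returns the field as `Expiration`; the lower-case spelling read by the
  // earlier code is kept as a fallback for records written in that shape.
  const rawExpiry =
    credentials.Expiration !== undefined
      ? credentials.Expiration
      : credentials.expiration;
  const expiresAt = new Date(rawExpiry).getTime();

  // An invalid date yields NaN, and every comparison with NaN is false, so the
  // negated form treats an unreadable expiry as expired.
  return !(expiresAt > Date.now());
};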
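/**
 * Writes the credentials cache so that it ends up with the requested mode.
 *
 * The mode given when opening a file only applies if the file is created, so
 * an existing cache file with looser permissions would keep them. The
 * descriptor is therefore chmod-ed before any secret is written to it.
 *
 * @param {string} fileName - Path of the cache file.
 * @param {number} mode - Permission bits for the cache file.
 * @param {string} contents - Serialized credentials.
 * @param {function(?Error): void} done - Called with the first error, or null.
 */
const writeCredentialsFile = (fileName, mode, contents, done) => {
  fs.open(fileName, 'w', mode, (openErr, fd) => {
    if (openErr) return done(openErr);
    fs.fchmod(fd, mode, chmodErr => {
      if (chmodErr) {
        return fs.close(fd, () => done(chmodErr));
      }
      fs.writeFile(fd, contents, { encoding: 'utf-8' }, writeErr => {
        fs.close(fd, closeErr => done(writeErr || closeErr || null));
      });
    });
  });
};

/**
 * Returns temporary credentials for the configured role, reusing the on-disk
 * cache while it is still valid and calling STS AssumeRole otherwise.
 *
 * Missing settings are filled in per section from environment variables, so a
 * partially specified `config.role`, `config.credentials` or `config.key`
 * still receives the remaining defaults. `config` is mutated, as before.
 *
 * The cache file contains the secret access key and session token in clear
 * text; it defaults to mode 0o600 and should live outside any directory that
 * is served, shared or committed.
 *
 * @param {object} [config] - Optional overrides: `credentials.fileName`,
 *   `credentials.mode`, `role.arn`, `role.sessionName`,
 *   `role.durationSeconds`, `key.access`, `key.secret`.
 * @param {function(?Error, ?object): void} callback - Receives the AssumeRole
 *   response. A cached response has been through JSON, so its dates are
 *   strings rather than Date objects.
 */
const getTemporaryCredentials = (config, callback) => {
  const settings = config || {};
  settings.credentials = defaults(settings.credentials || {}, {
    fileName: process.env.AWS_STS_FILE_NAME || './.aws-sts.json',
    mode: parseInt(process.env.AWS_STS_FILE_MODE, 8) || 0o600
  });
  settings.role = defaults(settings.role || {}, {
    arn: process.env.AWS_ROLE_ARN || '',
    sessionName: process.env.AWS_ROLE_SESSION_NAME || 'temporary',
    // 43200 s is 12 h; STS rejects a duration above the role's configured
    // maximum session duration, so shorter-lived roles need an override.
    durationSeconds: process.env.AWS_ROLE_DURATION_SECONDS || 43200
  });
  settings.key = defaults(settings.key || {}, {
    access: process.env.AWS_STS_ACCESS_KEY || '',
    secret: process.env.AWS_STS_ACCESS_SECRET || ''
  });

  const sts = new aws.STS({
    accessKeyId: settings.key.access,
    secretAccessKey: settings.key.secret
  });

  fs.readFile(settings.credentials.fileName, 'utf-8', (readErr, cachedText) => {
    // The cache is stored as JSON text; parse it so the expiry check and the
    // caller both see the same object shape as a fresh AssumeRole response.
    let cached = null;
    if (!readErr) {
      try {
        cached = JSON.parse(cachedText);
      } catch (parseErr) {
        cached = null; // unreadable cache: fall through to a refresh
      }
    }

    const cacheUsable =
      cached !== null && typeof cached === 'object' && !credentialsExpired(cached);
    if (cacheUsable) {
      return callback(null, cached);
    }

    sts.assumeRole(
      {
        RoleArn: settings.role.arn,
        RoleSessionName: settings.role.sessionName,
        // Environment values arrive as strings; DurationSeconds is numeric.
        DurationSeconds: Number(settings.role.durationSeconds)
      },
      (stsErr, newCredentials) => {
        if (stsErr) return callback(stsErr, null);
        writeCredentialsFile(
          settings.credentials.fileName,
          settings.credentials.mode,
          JSON.stringify(newCredentials),
          writeErr => {
            if (writeErr) return callback(writeErr, null);
            return callback(null, newCredentials);
          }
        );
      }
    );
  });
};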
// Public surface of the module: the credential fetcher is the only export.
module.exports = { getTemporaryCredentials };