Allow Firehose authentication using sts credentials (#2034)

2024-11-06 08:55:24 +00:00 · 2019-04-24 16:30:16 -07:00 · 2019-04-24 16:30:16 -07:00 · ad12ee4db4
commit ad12ee4db4
parent 75868a7005
2 changed files with 13 additions and 4 deletions
--- a/Gopkg.lock
+++ b/Gopkg.lock
@ -711,8 +711,10 @@
    "github.com/VividCortex/mysqlerr",
    "github.com/WatchBeam/clock",
    "github.com/aws/aws-sdk-go/aws",
+    "github.com/aws/aws-sdk-go/aws/awserr",
    "github.com/aws/aws-sdk-go/aws/credentials",
    "github.com/aws/aws-sdk-go/aws/session",
+    "github.com/aws/aws-sdk-go/service/firehose",
    "github.com/aws/aws-sdk-go/service/firehose/firehoseiface",
    "github.com/beevik/etree",
    "github.com/briandowns/spinner",
--- a/server/logging/firehose.go
+++ b/server/logging/firehose.go
@ -34,10 +34,17 @@ type firehoseLogWriter struct {
 }

 func NewFirehoseLogWriter(region, id, secret, stream string, logger log.Logger) (*firehoseLogWriter, error) {
-	sess, err := session.NewSession(&aws.Config{
-		Credentials: credentials.NewStaticCredentials(id, secret, ""),
-		Region:      &region,
-	})
+	conf := &aws.Config{
+		Region: &region,
+	}
+
+	// Only provide static credentials if we have them
+	// otherwise use the default credentials provider chain
+	if id != "" && secret != "" {
+		conf.Credentials = credentials.NewStaticCredentials(id, secret, "")
+	}
+
+	sess, err := session.NewSession(conf)
 	if err != nil {
 		return nil, errors.Wrap(err, "create Firehose client")
 	}