allow using AWS role or EC2 Instance role for Elasticsearch Auth (#306)

##### ISSUE TYPE
<!--- Pick one below and delete the rest: -->
 - Feature Pull Request

##### SUMMARY
<!--- Describe the change, including rationale and design decisions -->
Allow using AWS role or EC2 Instance role to generate session tokens for AWS credentials.
<!---
If you are fixing an existing issue, please include "Fixes #nnn" in your
PR comment; and describe briefly what the change does.
-->

<!--- Please list dependencies added with your change also -->

comm_config.yaml

@@ -20,10 +20,11 @@ communications:
   elasticsearch:
     enabled: false
     awsSigning:
-      enabled: false                             # enable awsSigning using IAM for Elastisearch hosted on AWS, if true make sure AWS environment variables are set. Refer https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
-      awsRegion: "us-east-1"                     # AWS region where Elasticsearch is deployed
-    server: 'ELASTICSEARCH_ADDRESS'                                    # e.g https://example.com:9243
-    username: 'ELASTICSEARCH_USERNAME'                                 # Basic Auth
+      enabled: false                            # enable awsSigning using IAM for Elastisearch hosted on AWS, if true make sure AWS environment variables are set. Refer https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
+      awsRegion: 'us-east-1'                    # AWS region where Elasticsearch is deployed
+      roleArn: ''                               # AWS IAM Role arn to assume for credentials, use this only if you dont want to use the EC2 instance role or not running on AWS instance
+    server: 'ELASTICSEARCH_ADDRESS'             # e.g https://example.com:9243
+    username: 'ELASTICSEARCH_USERNAME'          # Basic Auth
     password: 'ELASTICSEARCH_PASSWORD'
     # ELS index settings
     index:

pkg/config/config.go

@@ -128,6 +128,7 @@ type ElasticSearch struct {
 type AWSSigning struct {
 	Enabled   bool
 	AWSRegion string `yaml:"awsRegion"`
+	RoleArn   string `yaml:"roleArn"`
 }
 
 // Index settings for ELS

pkg/notify/elasticsearch.go

@@ -25,6 +25,9 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/aws/signer/v4"
 	"github.com/infracloudio/botkube/pkg/config"
 	"github.com/infracloudio/botkube/pkg/events"
@@ -55,11 +58,19 @@ type ElasticSearch struct {
 func NewElasticSearch(c *config.Config) (Notifier, error) {
 	var elsClient *elastic.Client
 	var err error
+	var creds *credentials.Credentials
 	if c.Communications.ElasticSearch.AWSSigning.Enabled {
 		// Get credentials from environment variables and create the AWS Signature Version 4 signer
-		creds := credentials.NewEnvCredentials()
+		sess := session.Must(session.NewSession())
+		if c.Communications.ElasticSearch.AWSSigning.RoleArn != "" {
+			creds = stscreds.NewCredentials(sess, c.Communications.ElasticSearch.AWSSigning.RoleArn)
+		} else {
+			creds = ec2rolecreds.NewCredentials(sess)
+		}
+
 		signer := v4.NewSigner(creds)
 		awsClient, err := aws_signing_client.New(signer, nil, awsService, c.Communications.ElasticSearch.AWSSigning.AWSRegion)
+
 		if err != nil {
 			return nil, err
 		}