https://github.com/driftprogramming/goawsvault
go aws ecs vault assume role login
https://github.com/driftprogramming/goawsvault
assume-role aws ecs go login vault
go aws ecs vault assume role login
- Host: GitHub
- URL: https://github.com/driftprogramming/goawsvault
- Owner: driftprogramming
- License: mit
- Created: 2021-07-13T06:08:52.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2021-07-13T06:59:51.000Z (over 4 years ago)
- Last Synced: 2024-06-20T12:41:21.744Z (over 1 year ago)
- Topics: assume-role, aws, ecs, go, login, vault
- Language: Go
- Homepage:
- Size: 3.85 MB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Go + AWS(ECS) + Vault = goawsvault
## Usage
```commandline
go get github.com/driftprogramming/goawsvault@v1.0.0
```
Examples: see `example/usage.go`.
Three different ways to log in with the Vault client and have the client token renewed automatically.
````go
package example
import (
"context"
"os"
"github.com/driftprogramming/goawsvault"
"github.com/hashicorp/vault/api"
)
// vaultLoginExample logs in to Vault through an explicit auth path and login
// payload, then starts automatic renewal of the client's token.
//
// The address, auth mount and role_id are the sample values of this example;
// a real service would normally take them from its configuration.
func vaultLoginExample() *api.Client {
	const (
		vaultAddr = "https://vault.mycompany.net"
		loginPath = "auth/mycompany-dev/login"
	)
	payload := map[string]interface{}{"role_id": "developer"}

	// NOTE(review): Login returns only the client, so how a rejected login is
	// reported is not visible from this example — confirm in the library
	// before relying on the returned client being authenticated.
	client := goawsvault.Login(vaultAddr, loginPath, payload)

	// context.Background() is never cancelled, so nothing in this example
	// stops the renewal again; pass a cancellable context if the client can
	// outlive its use.
	renewer := goawsvault.NewTokenManager(context.Background(), client)
	renewer.MonitoringForToken() // renew vault token automatically

	return client
}
// vaultLoginWithinAwsEcsContainerAutomaticallyExample logs in to Vault from
// inside an AWS ECS container and starts automatic renewal of the client's
// token. Only the Vault address and the AWS region are supplied by the caller.
func vaultLoginWithinAwsEcsContainerAutomaticallyExample() *api.Client {
	const (
		vaultAddr = "https://vault.mycompany.net"
		awsRegion = "eu-west-1"
	)

	// NOTE(review): presumably the library derives the identity from the ECS
	// task's own credentials, since none are passed here — confirm which role
	// is used and that the Vault role it maps to is scoped to this service.
	client := goawsvault.LoginWithinAwsEcsContainerAutomatically(vaultAddr, awsRegion)

	// context.Background() is never cancelled, so nothing in this example
	// stops the renewal again.
	renewer := goawsvault.NewTokenManager(context.Background(), client)
	renewer.MonitoringForToken() // renew vault token automatically

	return client
}
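// vaultLoginByAwsRoleArnExample logs in to Vault by assuming the given AWS IAM
// role and starts automatic renewal of the client's token.
//
// The parent AWS credentials used to call the AWS API and assume the role are
// taken from AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, which the process
// environment must already provide (task definition, CI secret, secret
// store). They are deliberately not set from string literals: a key pair
// written into source ends up in version control, build artifacts and every
// copy of the README, and can only be fixed by rotating the key.
//
// It panics when either variable is missing or empty, so the login is never
// attempted without credentials.
func vaultLoginByAwsRoleArnExample() *api.Client {
	// NOTE(review): assumes LoginByAwsRoleArn resolves the parent credentials
	// from these two variables — confirm against the library.
	for _, name := range []string{"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"} {
		if os.Getenv(name) == "" {
			// Name the variable only; the value must never reach logs or
			// panic output.
			panic("goawsvault example: " + name + " must be set in the environment")
		}
	}

	vaultClient := goawsvault.LoginByAwsRoleArn(
		"https://vault.mycompany.net",
		"arn:aws:iam::468785217309:role/my-application-service-dev",
		"eu-west-1",
	)

	// context.Background() is never cancelled, so nothing in this example
	// stops the renewal again.
	tm := goawsvault.NewTokenManager(context.Background(), vaultClient)
	tm.MonitoringForToken() // renew vault token automatically
	return vaultClient
}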
````