...
AWS SDK for Go API Reference
import "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
Overview
Index

Overview ▾

Constants

const ProviderName = "EC2RoleProvider"

ProviderName provides a name of EC2Role provider

func NewCredentials

func NewCredentials(c client.ConfigProvider, options ...func(*EC2RoleProvider)) *credentials.Credentials

NewCredentials returns a pointer to a new Credentials object wrapping the EC2RoleProvider. Takes a ConfigProvider to create a EC2Metadata client. The ConfigProvider is satisfied by the session.Session type.

func NewCredentialsWithClient

func NewCredentialsWithClient(client *ec2metadata.EC2Metadata, options ...func(*EC2RoleProvider)) *credentials.Credentials

NewCredentialsWithClient returns a pointer to a new Credentials object wrapping the EC2RoleProvider. Takes a EC2Metadata client to use when connecting to EC2 metadata service.

type EC2RoleProvider

type EC2RoleProvider struct {
    credentials.Expiry

    // Required EC2Metadata client to use when connecting to EC2 metadata service.
    Client *ec2metadata.EC2Metadata

    // ExpiryWindow will allow the credentials to trigger refreshing prior to
    // the credentials actually expiring. This is beneficial so race conditions
    // with expiring credentials do not cause request to fail unexpectedly
    // due to ExpiredTokenException exceptions.
    //
    // So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
    // 10 seconds before the credentials are actually expired.
    //
    // If ExpiryWindow is 0 or less it will be ignored.
    ExpiryWindow time.Duration
}

A EC2RoleProvider retrieves credentials from the EC2 service, and keeps track if those credentials are expired.

Example how to configure the EC2RoleProvider with custom http Client, Endpoint or ExpiryWindow

p := &ec2rolecreds.EC2RoleProvider{
    // Pass in a custom timeout to be used when requesting
    // IAM EC2 Role credentials.
    Client: ec2metadata.New(sess, aws.Config{
        HTTPClient: &http.Client{Timeout: 10 * time.Second},
    }),

    // Do not use early expiry of credentials. If a non zero value is
    // specified the credentials will be expired early
    ExpiryWindow: 0,
}

func (*EC2RoleProvider) Retrieve

func (m *EC2RoleProvider) Retrieve() (credentials.Value, error)

Retrieve retrieves credentials from the EC2 service. Error will be returned if the request fails, or unable to extract the desired credentials.