src/component/helper/aws-credentials.js
'use strict';
const AWS = require('aws-sdk');
/**
* AWS security credentials
*/
class AwsCredentials {
/**
* @param {Object} options
*/
constructor(options = {}) {
this._options = options;
this._providers = [
new AWS.EnvironmentCredentials(
this._options.hasOwnProperty('envPrefix') ? this._options.envPrefix : 'AWS'
),
new AWS.SharedIniFileCredentials({
profile: this._options.hasOwnProperty('profile') ? this._options.profile : 'default'
}),
AWS.ECSCredentials.prototype.isConfiguredForEcsCredentials()
? new AWS.ECSCredentials() : new AWS.EC2MetadataCredentials()
];
if (this._options.hasOwnProperty('accessKeyId') && this._options.hasOwnProperty('secretAccessKey')) {
this._providers.push(
new AWS.Credentials({
accessKeyId: this._options.accessKeyId,
secretAccessKey: this._options.secretAccessKey
})
);
}
}
/**
* Get AWS Configuration
* @return {Promise}
*/
getConfig() {
return new AWS.CredentialProviderChain(this._providers).resolvePromise().then(credentials => {
let roleArn = this._getRoleArn();
AWS.config.credentials = roleArn
? new AWS.TemporaryCredentials({ RoleArn: roleArn }, credentials)
: credentials;
if (this._options.hasOwnProperty('region')) {
AWS.config.update({ region: this._options.region });
}
return Promise.resolve(AWS);
});
}
/**
* Compose and validate Role ARN
* @return {boolean}
* @private
*/
_getRoleArn() {
let roleArn = this._options.roleArn;
if (this._options.hasOwnProperty('accountId') && this._options.hasOwnProperty('roleName')) {
roleArn = `arn:aws:iam::${this._options.accountId}:role/${this._options.roleName}`
}
return /^arn:aws:iam::[0-9]{12}:role\/[a-zA-Z0-9+=,.@\-_]*$/.test(roleArn) ? roleArn : false;
}
}
module.exports = AwsCredentials;