Skip to content

Commit

Permalink
Merge pull request #57 from alvinlin123/sratch-doesnt-seem-to-te-able…
Browse files Browse the repository at this point in the history
…-to-load-aws-cli-profile

Use alpine image because using scratch base image doesn't seem to work with AWS CLI Profile
  • Loading branch information
roystchiang authored Mar 12, 2022
2 parents 56a12bd + 722add7 commit 8300e60
Show file tree
Hide file tree
Showing 5 changed files with 29 additions and 5 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ COPY . .

RUN CGO_ENABLED=0 GOOS=linux go build -o /go/bin/aws-sigv4-proxy

FROM scratch
FROM alpine:latest
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/aws-sigv4-proxy /go/bin/aws-sigv4-proxy

Expand Down
11 changes: 10 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,15 @@ docker run --rm -ti \
docker run --rm -ti \
-v ~/.aws:/root/.aws \
-p 8080:8080 \
-e 'AWS_SDK_LOAD_CONFIG=true' \
-e 'AWS_PROFILE=<SOME PROFILE>' \
aws-sigv4-proxy -v
```

## Examples

S3

```
# us-east-1
curl -s -H 'host: s3.amazonaws.com' http://localhost:8080/<BUCKET_NAME>
Expand All @@ -46,38 +48,46 @@ curl -s -H 'host: s3.<BUCKET_REGION>.amazonaws.com' http://localhost:8080/<BUCKE
```

SQS

```sh
curl -s -H 'host: sqs.<AWS_REGION>.amazonaws.com' 'http://localhost:8080/<AWS_ACCOUNT_ID>/<QUEUE_NAME>?Action=SendMessage&MessageBody=example'
```

API Gateway

```sh
curl -H 'host: <REST_API_ID>.execute-api.<AWS_REGION>.amazonaws.com' http://localhost:8080/<STAGE>/<PATH>
```

Running the service and stripping out sigv2 authorization headers

```sh
docker run --rm -ti \
-v ~/.aws:/root/.aws \
-p 8080:8080 \
-e 'AWS_SDK_LOAD_CONFIG=true' \
-e 'AWS_PROFILE=<SOME PROFILE>' \
aws-sigv4-proxy -v -s Authorization
```

Running the service with Assume Role to use temporary credentials

```sh
docker run --rm -ti \
-v ~/.aws:/root/.aws \
-p 8080:8080 \
-e 'AWS_SDK_LOAD_CONFIG=true' \
-e 'AWS_PROFILE=<SOME PROFILE>' \
aws-sigv4-proxy -v --role-arn <ARN OF ROLE TO ASSUME>
```

Include service name & region overrides when you notice errors like `unable to determine service from host` for API gateway, for example.

```sh
docker run --rm -ti \
-v ~/.aws:/root/.aws \
-p 8080:8080 \
-e 'AWS_SDK_LOAD_CONFIG=true' \
-e 'AWS_PROFILE=<SOME PROFILE>' \
aws-sigv4-proxy -v --name execute-api --region us-east-1
```
Expand All @@ -87,7 +97,6 @@ docker run --rm -ti \
- [AWS SigV4 Signing Docs ](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
- [AWS SigV4 Admission Controller](https://github.com/aws-observability/aws-sigv4-proxy-admission-controller) - Used to install the AWS SigV4 Proxy as a sidecar


## License

This library is licensed under the Apache 2.0 License.
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module aws-sigv4-proxy
go 1.17

require (
github.com/aws/aws-sdk-go v1.34.29
github.com/aws/aws-sdk-go v1.43.16
github.com/sirupsen/logrus v1.0.6
github.com/stretchr/testify v1.2.2
gopkg.in/alecthomas/kingpin.v2 v2.2.6
Expand All @@ -16,7 +16,7 @@ require (
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f // indirect
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
gopkg.in/airbrake/gobrake.v2 v2.0.9 // indirect
gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 // indirect
gopkg.in/yaml.v2 v2.3.0 // indirect
Expand Down
9 changes: 9 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZq
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/aws/aws-sdk-go v1.34.29 h1:4Yw8eC4nCXiIVmHJO5PD4oh0vI/df5o6cYTVzFV7vWA=
github.com/aws/aws-sdk-go v1.34.29/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
github.com/aws/aws-sdk-go v1.43.16 h1:Y7wBby44f+tINqJjw5fLH3vA+gFq4uMITIKqditwM14=
github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
Expand All @@ -25,11 +27,18 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnk
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/airbrake/gobrake.v2 v2.0.9 h1:7z2uVWwn7oVeeugY1DtlPAy5H+KYgB1KeKTnqjNatLo=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
Expand Down
8 changes: 7 additions & 1 deletion main.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,8 @@ func main() {
sessionConfig.STSRegionalEndpoint = endpoints.RegionalSTSEndpoint
}

sessionConfig.CredentialsChainVerboseErrors = aws.Bool(shouldLogSigning())

session, err := session.NewSession(&sessionConfig)
if err != nil {
log.Fatal(err)
Expand Down Expand Up @@ -98,7 +100,7 @@ func main() {
}

signer := v4.NewSigner(credentials, func(s *v4.Signer) {
if *logSinging || *debug {
if shouldLogSigning() {
s.Logger = awsLoggerAdapter{}
s.Debug = aws.LogDebugWithSigning
}
Expand Down Expand Up @@ -127,6 +129,10 @@ func main() {
)
}

func shouldLogSigning() bool {
return *logSinging || *debug
}

func roleSessionName() string {
suffix, err := os.Hostname()

Expand Down

0 comments on commit 8300e60

Please sign in to comment.