From 4f00f9db8829fd51dd3e676d8d5a24b511e97fc5 Mon Sep 17 00:00:00 2001
From: Joseph Montanaro
Date: Fri, 6 Dec 2019 11:06:17 -0800
Subject: [PATCH] Add support for IAM role when running in ECS
---
 com/credentials.cfc | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/com/credentials.cfc b/com/credentials.cfc
index 0cffdcf..363b56b 100644
--- a/com/credentials.cfc
+++ b/com/credentials.cfc
@@ -7,7 +7,9 @@ component {
 ) {
 variables.api = api;
 variables.iamRolePath = '169.254.169.254/latest/meta-data/iam/security-credentials/';
+ variables.ecsEndpoint = '169.254.170.2';
 variables.iamRole = '';
+ variables.credentialPath = '';
 variables.credentials = resolveCredentials( awsKey, awsSecretKey );
 return this;
 }
@@ -65,10 +67,23 @@ component {
 return credentials;
 }
- // IAM role
+ // IAM role (ECS)
+ var relativeUri = utils.getSystemSetting( 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI', '' );
+ if ( len( relativeUri ) ) {
+ variables.credentialPath = ecsEndpoint & relativeUri;
+ refreshCredentials( credentials );
+ }
+
+ if ( len( credentials.awsKey ) && len( credentials.awsSecretKey ) ) {
+ return credentials;
+ }
+
+
+ // IAM role (EC2)
 try {
 variables.iamRole = requestIamRole();
 if ( iamRole.len() ) {
+ variables.credentialPath = iamRolePath & iamRole;
 refreshCredentials( credentials );
 }
 } catch ( any e ) {
@@ -98,7 +113,7 @@ component {
 ) {
 var httpArgs = { };
 httpArgs[ 'httpMethod' ] = 'get';
- httpArgs[ 'path' ] = iamRolePath & iamRole;
+ httpArgs[ 'path' ] = credentialPath;
 httpArgs[ 'useSSL' ] = false;
 var req = api.getHttpService().makeHttpRequest( argumentCollection = httpArgs );
 var data = deserializeJSON( req.filecontent );
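Review bot: In the `@@ -65,10 +67,23 @@` hunk, `relativeUri` is concatenated straight onto `ecsEndpoint`, which ends in the bare address `169.254.170.2`, so a value that does not begin with `/` would extend the host instead of naming a path. The response is then accepted as the component's access key and secret, so the destination is worth pinning even though the variable is normally set by the container agent. The condition could read `if ( len( relativeUri ) && left( relativeUri, 1 ) == '/' ) {`. The enclosing function begins and ends outside the hunk.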
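Review bot: In the `@@ -98,7 +113,7 @@` hunk, the response for `credentialPath` goes directly into `deserializeJSON( req.filecontent )`, and the ECS call added in the `@@ -65,10 +67,23 @@` hunk reaches this function outside any `try`, whereas the EC2 call sits inside one. As far as the visible lines show, a timeout or non-JSON error body from the container endpoint would therefore raise during credential resolution rather than leave the keys empty. Wrapping the new call the way the EC2 branch does, `try { refreshCredentials( credentials ); } catch ( any e ) { … }`, or checking `isJSON( req.filecontent )` before parsing, would make both paths fail the same way. The function continues past the end of the hunk, so later handling may exist there.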