Add the ability to assume a role for ec2 discovery

pull/2895/head
Jamie Moore 2017-07-04 16:40:55 +10:00
parent 9b4c3d4254
commit 7a135e0a1b
2 changed files with 11 additions and 1 deletions


@ -1137,6 +1137,7 @@ type EC2SDConfig struct {
AccessKey string `yaml:"access_key,omitempty"` AccessKey string `yaml:"access_key,omitempty"`
SecretKey Secret `yaml:"secret_key,omitempty"` SecretKey Secret `yaml:"secret_key,omitempty"`
Profile string `yaml:"profile,omitempty"` Profile string `yaml:"profile,omitempty"`
RoleARN string `yaml:"role_arn,omitempty"`
RefreshInterval model.Duration `yaml:"refresh_interval,omitempty"` RefreshInterval model.Duration `yaml:"refresh_interval,omitempty"`
Port int `yaml:"port"` Port int `yaml:"port"`
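Review bot: The new `RoleARN` field has no comment saying how it interacts with `access_key`, `secret_key` and `profile` directly above it. Judging by the `refresh()` change in the second file of this commit, the session is still created first and the role is then assumed with it, so those settings appear to act as the source identity for the AssumeRole call rather than being replaced. A comment such as `// RoleARN, if set, is assumed via STS using the credentials configured above.` would make that explicit. The struct continues outside the hunk, so any validation of the value is not visible here.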


@ -21,6 +21,7 @@ import (
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/aws/session"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/common/log" "github.com/prometheus/common/log"
@ -71,6 +72,7 @@ type Discovery struct {
aws *aws.Config aws *aws.Config
interval time.Duration interval time.Duration
profile string profile string
roleARN string
port int port int
logger log.Logger logger log.Logger
} }
@ -87,6 +89,7 @@ func NewDiscovery(conf *config.EC2SDConfig, logger log.Logger) *Discovery {
Credentials: creds, Credentials: creds,
}, },
profile: conf.Profile, profile: conf.Profile,
roleARN: conf.RoleARN,
interval: time.Duration(conf.RefreshInterval), interval: time.Duration(conf.RefreshInterval),
port: conf.Port, port: conf.Port,
logger: logger, logger: logger,
@ -147,7 +150,13 @@ func (d *Discovery) refresh() (tg *config.TargetGroup, err error) {
return nil, fmt.Errorf("could not create aws session: %s", err) return nil, fmt.Errorf("could not create aws session: %s", err)
} }
ec2s := ec2.New(sess) var ec2s *ec2.EC2
if d.roleARN != "" {
creds := stscreds.NewCredentials(sess, d.roleARN)
ec2s = ec2.New(sess, &aws.Config{Credentials: creds})
} else {
ec2s = ec2.New(sess)
}
tg = &config.TargetGroup{ tg = &config.TargetGroup{
Source: *d.aws.Region, Source: *d.aws.Region,
} }
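Review bot: The `stscreds.NewCredentials(sess, d.roleARN)` call in `refresh()` takes every AssumeRole default, so there is no way to supply an external ID, and the role session name is left to the SDK, which generates one from a timestamp when none is given. A cross-account role whose trust policy requires `sts:ExternalId` therefore cannot be used, and CloudTrail entries for the assumed role are hard to attribute to this Prometheus instance. Consider passing an option function, e.g. `stscreds.NewCredentials(sess, d.roleARN, func(p *stscreds.AssumeRoleProvider) { p.RoleSessionName = "prometheus-ec2-sd" })`, and adding an optional external-ID setting next to `role_arn`. The body of `refresh()` starts and ends outside the hunk, but because the provider is built there it looks as if a fresh AssumeRole call is made on every refresh interval; keeping the credentials object on `Discovery` would let the SDK reuse them until they expire.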