Authenticating Go AWS SDK using external id

2022-10-17

For self reference:

Sample code showing how to authenticate aws-sdk-go by assuming a role with an external ID:

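```go
package main

import (
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
	awssession "github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/iam"
)

func main() {
	// Create the session with the credentials of the principal that is
	// allowed to assume the role. The values in braces are placeholders;
	// load real keys from the environment or a secrets store.
	sess, err := awssession.NewSession(&aws.Config{
		Region: aws.String("{region}"),
		Credentials: credentials.NewStaticCredentials(
			"{aws-assume-role-key}",
			"{aws-assume-role-secret}",
			"", // session token, empty for long-term keys
		),
	})
	if err != nil {
		log.Fatalf("create session: %v", err)
	}

	// Create the config with external id from session:
	cnf := &aws.Config{
		Credentials: stscreds.NewCredentials(
			sess,
			"{arn-to-assume}",
			func(p *stscreds.AssumeRoleProvider) {
				p.ExternalID = aws.String("{external-id}")
			},
		),
	}

	// Now create the desired service from cnf:
	svc := iam.New(sess, cnf)
	out, err := svc.GetRolePolicy(&iam.GetRolePolicyInput{
		RoleName:   aws.String("rolename"),
		PolicyName: aws.String("policyname"),
	})
	if err != nil {
		log.Fatalf("get role policy: %v", err)
	}
	log.Printf("policy document: %s", aws.StringValue(out.PolicyDocument))
}
```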
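The external ID sent by the client only protects the role if the role's trust policy requires it, so the other half of this setup is worth checking too. The following is an added example, not part of the original post: it goes beyond the snippet above and inspects a trust policy document for Allow statements that grant `sts:AssumeRole` without a `StringEquals` condition on `sts:ExternalId`. The names `strs`, `MissingExternalID` and `samplePolicy` are made up for illustration, and the policy JSON is constructed.

```go
package main
import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// strs decodes an IAM policy field that is either one string or a list.
func strs(raw json.RawMessage) (out []string) {
	var one string
	if json.Unmarshal(raw, &one) == nil {
		return []string{one}
	}
	json.Unmarshal(raw, &out)
	return out
}

// MissingExternalID lists Allow statements granting sts:AssumeRole with no StringEquals on sts:ExternalId.
func MissingExternalID(trustPolicy string) (bad []int, err error) {
	var doc struct {
		Statement []struct {
			Effect    string
			Action    json.RawMessage
			Condition map[string]map[string]json.RawMessage
		}
	}
	if err = json.Unmarshal([]byte(trustPolicy), &doc); err != nil {
		return nil, err
	}
	for i, st := range doc.Statement {
		var grants, pinned bool
		for _, a := range strs(st.Action) { // action names are case-insensitive and may hold wildcards
			ok, _ := path.Match(strings.ToLower(a), "sts:assumerole")
			grants = grants || ok
		}
		for key, raw := range st.Condition["StringEquals"] { // condition key names are case-insensitive
			pinned = pinned || (strings.EqualFold(key, "sts:ExternalId") && len(strs(raw)) > 0)
		}
		if st.Effect == "Allow" && grants && !pinned {
			bad = append(bad, i)
		}
	}
	return bad, nil
}

const samplePolicy = `{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Action": "sts:AssumeRole", "Condition": {"StringEquals": {"sts:ExternalId": "example-id"}}},
 {"Effect": "Allow", "Action": ["sts:TagSession", "sts:Assume*"]}]}` // constructed; Principal omitted, only statement 0 requires an external ID
func main() { fmt.Println(MissingExternalID(samplePolicy)) }
```

The trust policy itself is the role's `AssumeRolePolicyDocument`; the SDK returns it URL-encoded, so decode it before passing it to the check.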