[load-creds-from-ec2-role] update aws elasticsearch output plugin to …

…load credentials from IAM role attached to an EC2 instance
sematext · Oct 29, 2021 · 53c2858 · 53c2858
1 parent 0216c60
commit 53c2858
Showing 1 changed file with 69 additions and 23 deletions.
diff --git a/lib/plugins/output/aws-elasticsearch.js b/lib/plugins/output/aws-elasticsearch.js
@@ -20,30 +20,76 @@ output:
   awsConfigFile: ./aws-config.json
 */
 
+
+
+
 function OutputAwsElasticsearch (config, eventEmitter) {
-  this.config = config
-  this.eventEmitter = eventEmitter
-  // read global AWS settings if the plugin has no local AWS settings
-  var auth = config.auth
-  var awsConfigFile = config.awsConfigFile
-  if (!config.auth && config.configFile.aws && config.configFile.aws.auth) {
-    auth = config.configFile.aws.auth
-  }
-  if (
-    !config.awsConfigFile &&
-    config.configFile.aws &&
-    config.configFile.aws.awsConfigFile
-  ) {
-    awsConfigFile = config.configFile.aws.awsConfigFile
-  }
-  var esClientConfig = {
-    log: config.log,
-    host: config.url,
-    auth: auth,
-    connectionClass: config.awsConfigFile ? require('http-aws-es') : undefined,
-    awsConfig: AWS.config.loadFromPath(awsConfigFile)
-  }
-  this.client = new elasticsearch.Client(esClientConfig)
+
+
+  AWS.config.getCredentials(function(err) {
+    if (err) {
+        console.log(err.stack);
+    }
+    else {
+
+      let aws_id = null;
+      let aws_secret = null;
+      // Loading configurations using the role attached to ec2 instance 
+      if (AWS.config.credentials.hasOwnProperty('accessKeyId')) {
+        console.log("Access Key:", AWS.config.credentials.accessKeyId);
+        aws_id = AWS.config.credentials.accessKeyId;
+      }
+      // if (AWS.config.credentials.metadata.hasOwnProperty('SecretAccessKey')) {
+      if (AWS.config.credentials.hasOwnProperty('metadata')) {
+        aws_secret = AWS.config.credentials.metadata.SecretAccessKey
+      }
+
+      // if role is attached to ec2 instance
+      if ((aws_id) && (aws_secret)) {
+        aws_role_credentials = {
+          "accessKeyId": aws_id,
+          "secretAccessKey": aws_secret
+        }
+
+        var esClientConfig = {
+          log: config.log,
+          host: config.url,
+          auth: auth,
+          connectionClass: config.awsConfigFile ? require('http-aws-es') : undefined,
+          awsConfig: aws_role_credentials
+        }
+      } 
+
+      else {
+
+        this.config = config
+        this.eventEmitter = eventEmitter
+        // read global AWS settings if the plugin has no local AWS settings
+
+        var auth = config.auth
+        var awsConfigFile = config.awsConfigFile
+        if (!config.auth && config.configFile.aws && config.configFile.aws.auth) {
+          auth = config.configFile.aws.auth
+        }
+        if (
+          !config.awsConfigFile &&
+          config.configFile.aws &&
+          config.configFile.aws.awsConfigFile
+        ) {
+          awsConfigFile = config.configFile.aws.awsConfigFile
+        }
+        var esClientConfig = {
+          log: config.log,
+          host: config.url,
+          auth: auth,
+          connectionClass: config.awsConfigFile ? require('http-aws-es') : undefined,
+          awsConfig: AWS.config.loadFromPath(awsConfigFile)
+        }
+      }
+
+      this.client = new elasticsearch.Client(esClientConfig)
+        }
+      })
 }
 
 OutputAwsElasticsearch.prototype.eventHandler = function (data, context) {