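// Copyright 2016 CoreOS, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package aws

import (
	"errors"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/client"
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/aws/aws-sdk-go/service/s3"
	"github.com/aws/aws-sdk-go/service/sts"
	"github.com/coreos/pkg/capnslog"

	"github.com/coreos/mantle/platform"
)

// plog is the package-level logger for platform/api/aws.
var plog = capnslog.NewPackageLogger("github.com/coreos/mantle", "platform/api/aws")

// Options configures the AWS API wrapper created by New.
//
// The struct can hold a long-lived secret (SecretKey) as a plain string, so
// avoid printing it wholesale (for example with %+v) in logs or error
// messages.
type Options struct {
	*platform.Options
	// The AWS region regional api calls should use
	Region string

	// The path to the shared credentials file, if not ~/.aws/credentials
	CredentialsFile string
	// The profile to use when resolving credentials, if applicable
	Profile string

	// AccessKeyID is the optional access key to use. When set together with
	// SecretKey it overrides all other credential sources.
	AccessKeyID string
	// SecretKey is the secret half of the static key pair. It is only used
	// together with AccessKeyID; New rejects a pair with only one half set.
	SecretKey string

	// AMI is the AWS AMI to launch EC2 instances with.
	// If it is one of the special strings alpha|beta|stable, it will be resolved
	// to an actual ID.
	AMI                string
	InstanceType       string
	SecurityGroup      string
	IAMInstanceProfile string
}

// API bundles the AWS session and the per-service clients built from it,
// together with the Options they were created with.
type API struct {
	session client.ConfigProvider
	ec2     *ec2.EC2
	iam     *iam.IAM
	s3      *s3.S3
	opts    *Options
}

// New creates a new AWS API wrapper.
//
// Credentials are chosen in this order: the static AccessKeyID/SecretKey pair
// if set, else the shared credentials file named by CredentialsFile (with
// Profile), else whatever the SDK session resolves on its own (shared config
// is enabled, so this includes the environment and the profile configured in
// ~/.aws).
//
// AccessKeyID and SecretKey must be given together. A lone SecretKey used to
// be ignored silently, so the session fell back to ambient credentials and
// could act on a different account than the caller intended; that is now an
// error. A lone AccessKeyID is rejected here as well rather than surfacing
// only when the SDK first retrieves the credentials.
//
// No validation is done that the credentials are usable; call
// (*API).PreflightCheck before relying on the returned API.
// Note that this function may modify opts to update the AMI ID.
//
// It returns an error if opts is nil, if the static key pair is incomplete,
// or if the SDK session cannot be created.
func New(opts *Options) (*API, error) {
	if opts == nil {
		return nil, errors.New("aws: nil options")
	}
	// Exactly one half of the static pair present is always a caller mistake.
	if (opts.AccessKeyID == "") != (opts.SecretKey == "") {
		return nil, errors.New("aws: AccessKeyID and SecretKey must be set together")
	}

	awsCfg := aws.Config{Region: aws.String(opts.Region)}
	switch {
	case opts.AccessKeyID != "":
		// Explicit keys win over every other source; no session token is used.
		awsCfg.Credentials = credentials.NewStaticCredentials(opts.AccessKeyID, opts.SecretKey, "")
	case opts.CredentialsFile != "":
		awsCfg.Credentials = credentials.NewSharedCredentials(opts.CredentialsFile, opts.Profile)
	}
	// Otherwise Credentials stays unset and the session resolves them itself.

	sess, err := session.NewSessionWithOptions(session.Options{
		SharedConfigState: session.SharedConfigEnable,
		Profile:           opts.Profile,
		Config:            awsCfg,
	})
	if err != nil {
		return nil, err
	}

	// Rewrites the caller's Options in place (see the doc comment above).
	opts.AMI = resolveAMI(opts.AMI, opts.Region)

	api := &API{
		session: sess,
		ec2:     ec2.New(sess),
		iam:     iam.New(sess),
		s3:      s3.New(sess),
		opts:    opts,
	}

	return api, nil
}

// GC removes AWS resources that are at least gracePeriod old.
// It attempts to only operate on resources that were created by a mantle tool.
//
// NOTE(review): the selection logic lives in gcEC2, which is not shown here.
// If it keys on the CreatedBy tag written by tagCreatedByMantle, remember that
// tags are mutable metadata rather than proof of ownership; confirm before
// running GC against an account shared with other workloads.
func (a *API) GC(gracePeriod time.Duration) error {
	return a.gcEC2(gracePeriod)
}

// PreflightCheck validates that the aws configuration provided has valid
// credentials by calling STS GetCallerIdentity.
//
// The returned identity is discarded, so a nil error only shows that the
// credentials authenticate. It does not show which account or principal they
// belong to, nor that they carry the EC2, IAM or S3 permissions the other
// methods need (GetCallerIdentity itself requires no IAM permissions).
func (a *API) PreflightCheck() error {
	stsClient := sts.New(a.session)
	_, err := stsClient.GetCallerIdentity(&sts.GetCallerIdentityInput{})

	return err
}

// tagCreatedByMantle tags the given resource IDs with CreatedBy=mantle via
// CreateTags and returns its error.
func (a *API) tagCreatedByMantle(resources []string) error {
	return a.CreateTags(resources, map[string]string{
		"CreatedBy": "mantle",
	})
}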