github.com/hairyhenderson/gomplate/v4@v4.0.0-pre-2.0.20240520121557-362f058f0c93/docs-src/content/functions/aws.yml (about) 1 ns: aws 2 preamble: | 3 The functions in the `aws` namespace interface with various Amazon Web Services 4 APIs to make it possible for a template to render differently based on the AWS 5 environment and metadata. 6 7 ### Configuring AWS 8 9 A number of environment variables can be used to control how gomplate communicates 10 with AWS APIs. A few are documented here for convenience. See [the `aws-sdk-go` documentation](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html) 11 for details. 12 13 | Environment Variable | Description | 14 | -------------------- | ----------- | 15 | `AWS_ANON` | Set to `true` when accessing services that do not need authentication, such as with public S3 buckets. Not part of the AWS SDK. | 16 | `AWS_TIMEOUT` | _(Default `500`)_ Adjusts timeout for API requests, in milliseconds. Not part of the AWS SDK. | 17 | `AWS_PROFILE` | Profile name the SDK should use when loading shared config from the configuration files. If not provided `default` will be used as the profile name. | 18 | `AWS_REGION` | Specifies where to send requests. See [this list](https://docs.aws.amazon.com/general/latest/gr/rande.html). Note that the region must be set for AWS functions to work correctly, either through this variable, through a configuration profile, or by running on an EC2 instance. | 19 | `AWS_EC2_METADATA_SERVICE_ENDPOINT` | _(Default `http://169.254.169.254`)_ Sets the base address of the instance metadata service. | 20 | `AWS_META_ENDPOINT` _(Deprecated)_ | _(Default `http://169.254.169.254`)_ Sets the base address of the instance metadata service. Use `AWS_EC2_METADATA_SERVICE_ENDPOINT` instead. | 21 funcs: 22 - name: aws.EC2Meta 23 alias: ec2meta 24 released: v1.8.0 25 description: | 26 Queries AWS [EC2 Instance Metadata](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) for information. This only retrieves data in the `meta-data` path -- for data in the `dynamic` path use `aws.EC2Dynamic`. 27 28 For times when running outside EC2, or when the metadata API can't be reached, a `default` value can be provided. 29 pipeline: false 30 arguments: 31 - name: key 32 required: true 33 description: the metadata key to query 34 - name: default 35 required: false 36 description: the default value 37 examples: 38 - | 39 $ echo '{{aws.EC2Meta "instance-id"}}' | gomplate 40 i-12345678 41 - name: aws.EC2Dynamic 42 alias: ec2dynamic 43 released: v1.8.0 44 description: | 45 Queries AWS [EC2 Instance Dynamic Metadata](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) for information. This only retrieves data in the `dynamic` path -- for data in the `meta-data` path use `aws.EC2Meta`. 46 47 For times when running outside EC2, or when the metadata API can't be reached, a `default` value can be provided. 48 pipeline: false 49 arguments: 50 - name: key 51 required: true 52 description: the dynamic metadata key to query 53 - name: default 54 required: false 55 description: the default value 56 examples: 57 - | 58 $ echo '{{ (aws.EC2Dynamic "instance-identity/document" | json).region }}' | gomplate 59 us-east-1 60 - name: aws.EC2Region 61 alias: ec2region 62 released: v1.8.0 63 description: | 64 Queries AWS to get the region. An optional default can be provided, or returns 65 `unknown` if it can't be determined for some reason. 66 pipeline: false 67 arguments: 68 - name: default 69 required: false 70 description: the default value 71 rawExamples: 72 - | 73 _In EC2_ 74 ```console 75 $ echo '{{ aws.EC2Region }}' | ./gomplate 76 us-east-1 77 ``` 78 _Not in EC2_ 79 ```console 80 $ echo '{{ aws.EC2Region }}' | ./gomplate 81 unknown 82 $ echo '{{ aws.EC2Region "foo" }}' | ./gomplate 83 foo 84 ``` 85 - name: aws.EC2Tag 86 alias: ec2tag 87 released: v3.8.0 88 description: | 89 Queries the AWS EC2 API to find the value of the given [user-defined tag](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html). An optional default 90 can be provided. 91 pipeline: false 92 arguments: 93 - name: tag 94 required: true 95 description: the tag to query 96 - name: default 97 required: false 98 description: the default value 99 examples: 100 - | 101 $ echo 'This server is in the {{ aws.EC2Tag "Account" }} account.' | ./gomplate 102 foo 103 - | 104 $ echo 'I am a {{ aws.EC2Tag "classification" "meat popsicle" }}.' | ./gomplate 105 I am a meat popsicle. 106 - name: aws.EC2Tags 107 alias: ec2tags 108 released: v3.8.0 109 description: | 110 Queries the AWS EC2 API to find all the tags/values [user-defined tag](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html). 111 pipeline: false 112 arguments: 113 examples: 114 - | 115 echo '{{ range $key, $value := aws.EC2Tags }}{{(printf "%s=%s\n" $key $value)}}{{ end }}' | ./gomplate 116 Description=foo 117 Name=bar 118 svc:name=foobar 119 - name: aws.KMSEncrypt 120 # released: v4.0.0 121 description: | 122 Encrypt an input string with the AWS Key Management Service (KMS). 123 124 At most 4kb (4096 bytes) of data may be encrypted. 125 126 The resulting ciphertext will be base-64 encoded. 127 128 The `keyID` parameter is used to reference the Customer Master Key to use, 129 and can be: 130 131 - the key's ID (e.g. `1234abcd-12ab-34cd-56ef-1234567890ab`) 132 - the key's ARN (e.g. `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`) 133 - the alias name (aliases must be prefixed with `alias/`, e.g. `alias/ExampleAlias`) 134 - the alias ARN (e.g. `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`) 135 136 For information on creating keys, see [_Creating Keys_](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) 137 138 See [the AWS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) 139 for more details. 140 141 See also [`aws.KMSDecrypt`](#aws-kmsdecrypt). 142 pipeline: true 143 arguments: 144 - name: keyID 145 required: true 146 description: the ID of the Customer Master Key (CMK) to use for encryption 147 - name: input 148 required: true 149 description: the string to encrypt 150 examples: 151 - | 152 $ export CIPHER=$(gomplate -i '{{ aws.KMSEncrypt "alias/gomplate" "hello world" }}') 153 $ gomplate -i '{{ env.Getenv "CIPHER" | aws.KMSDecrypt }}' 154 - name: aws.KMSDecrypt 155 released: v3.4.0 156 description: | 157 Decrypt ciphertext that was encrypted with the AWS Key Management Service 158 (KMS). 159 160 The ciphertext must be base-64 encoded. 161 162 See [the AWS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) 163 for more details. 164 165 See also [`aws.KMSEncrypt`](#aws-kmsencrypt). 166 pipeline: true 167 arguments: 168 - name: input 169 required: true 170 description: the base-64 encoded ciphertext to decrypt 171 examples: 172 - | 173 $ export CIPHER=$(gomplate -i '{{ aws.KMSEncrypt "alias/gomplate" "hello world" }}') 174 $ gomplate -i '{{ env.Getenv "CIPHER" | aws.KMSDecrypt }}' 175 - name: aws.Account 176 released: v3.4.0 177 description: | 178 Returns the currently-authenticated AWS account ID number. 179 180 Wraps the [STS GetCallerIdentity API](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) 181 182 See also [`aws.UserID`](#aws-userid) and [`aws.ARN`](#aws-arn). 183 pipeline: false 184 examples: 185 - | 186 $ gomplate -i 'My account is {{ aws.Account }}' 187 My account is 123456789012 188 - name: aws.ARN 189 released: v3.4.0 190 description: | 191 Returns the AWS ARN (Amazon Resource Name) associated with the current authentication credentials. 192 193 Wraps the [STS GetCallerIdentity API](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) 194 195 See also [`aws.UserID`](#aws-userid) and [`aws.Account`](#aws-account). 196 pipeline: false 197 examples: 198 - | 199 $ gomplate -i 'Calling from {{ aws.ARN }}' 200 Calling from arn:aws:iam::123456789012:user/Alice 201 - name: aws.UserID 202 released: v3.4.0 203 description: | 204 Returns the unique identifier of the calling entity. The exact value 205 depends on the type of entity making the call. The values returned are those 206 listed in the `aws:userid` column in the [Principal table](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable) 207 found on the Policy Variables reference page in the IAM User Guide. 208 209 Wraps the [STS GetCallerIdentity API](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) 210 211 See also [`aws.ARN`](#aws-arn) and [`aws.Account`](#aws-account). 212 pipeline: false 213 examples: 214 - | 215 $ gomplate -i 'I am {{ aws.UserID }}' 216 I am AIDACKCEVSQ6C2EXAMPLE