From 3fbe15a9a83fdfee8c44c00590438c48d9df58e7 Mon Sep 17 00:00:00 2001 From: jlopes1030 <71042747+jlopes1030@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:01:20 -0400 Subject: [PATCH 1/3] Update credentials.cfc to accept token parameter Instance metadata for an IAM Role which includes a token requires you to pass that token with your credentials. This update is along with updates to aws.cfc and con/api.cfc will allow you to pass in the token --- com/credentials.cfc | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/com/credentials.cfc b/com/credentials.cfc index 363b56b..78c4b29 100644 --- a/com/credentials.cfc +++ b/com/credentials.cfc @@ -3,14 +3,15 @@ component { public any function init( string awsKey = '', string awsSecretKey = '', - any api + any api, + string token = '' ) { variables.api = api; variables.iamRolePath = '169.254.169.254/latest/meta-data/iam/security-credentials/'; variables.ecsEndpoint = '169.254.170.2'; variables.iamRole = ''; variables.credentialPath = ''; - variables.credentials = resolveCredentials( awsKey, awsSecretKey ); + variables.credentials = resolveCredentials( awsKey, awsSecretKey, token ); return this; } @@ -36,10 +37,23 @@ component { private function resolveCredentials( awsKey, - awsSecretKey + awsSecretKey, + string token = '' ) { var credentials = defaultCredentials( awsKey, awsSecretKey ); + if(len(token)){ + try { + variables.iamRole = requestIamRole(); + if ( iamRole.len() ) { + variables.credentialPath = iamRolePath & iamRole; + refreshCredentials( credentials ); + } + } catch ( any e ) { + // pass + } + } + if ( len( credentials.awsKey ) && len( credentials.awsSecretKey ) ) { return credentials; } From 82c9d4b1ef7a962d235f11b10a9c641701f4fd7c Mon Sep 17 00:00:00 2001 From: jlopes1030 <71042747+jlopes1030@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:03:02 -0400 Subject: [PATCH 2/3] Update api.cfc --- com/api.cfc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
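Review bot: The new `token` parameter on `init` in com/credentials.cfc is undocumented, and its name does not say which token is meant. That matters because resolveCredentials treats any non-empty value as the switch for the instance-role lookup. A comment above the parameter would settle it, for example `// token: <which token this is>; '' means not supplied; secret, never log`. The same bare `token` parameter is added to `init` in com/api.cfc and aws.cfc and needs the same comment there.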
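Review bot: In the added `if(len(token))` block of resolveCredentials the token is only tested for length; its value is never passed to `requestIamRole()` or `refreshCredentials( credentials )`, so from this hunk alone it does not appear to reach the metadata request or the stored credentials. If those helpers (defined outside the hunk) are meant to send it, the value has to be handed over or kept, e.g. `variables.token = token;` before the lookup. The block also runs ahead of the `len( credentials.awsKey ) && len( credentials.awsSecretKey )` early return, so a caller who passes explicit keys plus a token may have them replaced by the instance role's credentials; that precedence should be confirmed as intended. The empty `catch ( any e ) { // pass }` hides a failed or unreachable metadata endpoint; at minimum replace `// pass` with a comment saying the fall-through to the later resolution steps is deliberate, and consider recording `e.message`.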
diff --git a/com/api.cfc b/com/api.cfc index cda1082..3bf61f6 100644 --- a/com/api.cfc +++ b/com/api.cfc @@ -10,11 +10,12 @@ component accessors="true" { required string awsKey, required string awsSecretKey, required string defaultRegion, - struct httpProxy = { server: '', port: 80 } + struct httpProxy = { server: '', port: 80 }, + string token = '' ) { variables.utils = new utils(); variables.httpService = server.keyExists( 'lucee' ) ? new httpLucee( utils, httpProxy ) : new httpColdFusion( utils, httpProxy ); - variables.credentials = new credentials( awsKey, awsSecretKey, this ); + variables.credentials = new credentials( awsKey, awsSecretKey, this, token ); variables.signer = new signature_v4( this ); variables.defaultRegion = arguments.defaultRegion.len() ? arguments.defaultRegion : utils.getSystemSetting( 'AWS_DEFAULT_REGION', From 9b2b923f768ed1744f45d2a5d99998df0186faaf Mon Sep 17 00:00:00 2001 From: jlopes1030 <71042747+jlopes1030@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:04:26 -0400 Subject: [PATCH 3/3] Update aws.cfc --- aws.cfc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/aws.cfc b/aws.cfc index 2a63c4c..a7f6a11 100644 --- a/aws.cfc +++ b/aws.cfc @@ -54,7 +54,8 @@ component { string defaultRegion = '', struct constructorArgs = { }, struct httpProxy = { server: '', port: 80 }, - string libraryMapping = '' + string libraryMapping = '', + string token = '' ) { if ( len( arguments.libraryMapping ) && mid( arguments.libraryMapping, len( arguments.libraryMapping ), 1 ) != '.' ) { arguments.libraryMapping &= '.'; @@ -65,7 +66,8 @@ component { awsSecretKey, defaultRegion, httpProxy, - libraryMapping + libraryMapping, + token ); for ( var service in variables.services ) {
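Review bot: The second aws.cfc hunk appends `token` after `libraryMapping` in a positional argument list, but the com/api.cfc `init` changed in patch 2/3 declares `token` as its fifth parameter, directly after `httpProxy`, and shows no `libraryMapping` parameter. If the call being extended here is the api constructor (its opening line is outside the hunk), `libraryMapping` would bind to api's `token` and the real token would arrive as an undeclared sixth argument. In that case a non-empty library mapping would switch on the `if(len(token))` instance-role lookup in credentials.cfc, while a token supplied by the caller would be ignored. Passing every argument by name (`token = arguments.token`, and likewise for the others), or giving api.cfc's `init` the same parameter order as this call, removes the mismatch.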