Add role session name option and use instead of worker_id
sihil committed Jan 2, 2019
1 parent 5813e32 commit 56722bf
Showing 2 changed files with 10 additions and 3 deletions.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -54,6 +54,9 @@ account. This role will be assumed after the default credentials or profile cred
this is empty and a role will not be assumed.
* **required**: false
* **default value**: `""`
* `role_session_name`: Session name to use when assuming an IAM role. This is recorded in CloudTrail logs for example.
* **required**: false
* **default value**: `"logstash"`
* `initial_position_in_stream`: The value for initialPositionInStream. Accepts "TRIM_HORIZON" or "LATEST".
* **required**: false
* **default value**: `"TRIM_HORIZON"`
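
Review bot: the new `role_session_name` entry says only that the name "is recorded in CloudTrail logs for example", which does not give a user enough to choose a value. With the default `"logstash"`, every instance that keeps the default assumes the role under the same session name, so the README should say so and recommend a distinct value per pipeline or host when sessions need to be told apart in CloudTrail. It should also link the AssumeRole reference for the limits STS places on the session name.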
10 changes: 7 additions & 3 deletions lib/logstash/inputs/kinesis.rb
Expand Up @@ -55,9 +55,14 @@ class LogStash::Inputs::Kinesis < LogStash::Inputs::Base
# Select AWS profile for input
config :profile, :validate => :string

# Assume a different role using STS, for example if the stream is in a different AWS account
# The AWS IAM Role to assume, if any.
# This is used to generate temporary credentials typically for cross-account access.
# See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html for more information.
config :role_arn, :validate => :string

# Session name to use when assuming an IAM role
config :role_session_name, :validate => :string, :default => "logstash"

# Select initial_position_in_stream. Accepts TRIM_HORIZON or LATEST
config :initial_position_in_stream, :validate => ["TRIM_HORIZON", "LATEST"], :default => "TRIM_HORIZON"
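
Review bot: `config :role_session_name, :validate => :string, :default => "logstash"` accepts any string, including an empty one, and nothing checks it against what AssumeRole accepts for RoleSessionName (2 to 64 characters matching `[\w+=,.@-]*`). Consider validating the value in `register` and raising a configuration error there, so a bad name fails at startup with a clear message rather than later when the role is assumed. The comment above the option could also carry the README's point that this name is what appears in CloudTrail.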

Expand Down Expand Up @@ -91,8 +96,7 @@ def register

# If a role ARN is set then assume the role as a new layer over the credentials already created
unless @role_arn.nil?
session_id = "worker" + worker_id
kinesis_creds = com.amazonaws.auth::STSAssumeRoleSessionCredentialsProvider.new(creds, @role_arn, session_id)
kinesis_creds = com.amazonaws.auth::STSAssumeRoleSessionCredentialsProvider.new(creds, @role_arn, @role_session_name)
else
kinesis_creds = creds
end
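
Review bot: replacing `session_id = "worker" + worker_id` with `@role_session_name` changes the session name for every existing deployment that sets `role_arn`: sessions that were named per worker now all appear as `logstash` unless the new option is set. That deserves a changelog entry, since CloudTrail queries or alerts keyed on the old `worker...` names will stop matching; if per-worker attribution is still wanted, consider appending `worker_id` to the configured name. Separately, the guard is `unless @role_arn.nil?` while the README lists the `role_arn` default as `""`; an empty string passes this check and reaches the provider, so testing for an empty value as well would match the documented behaviour.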