This is the AWS tutorial for using the go SDK.
There are generally two options for connecting to the AWS console.
- Create an API User using IAM in the AWS Console.
- Save the API User keys.
go get -u github.com/aws/aws-sdk-go/...Need the following permissions.
- AmazonAPIGatewayAdministrator
The key pair, the secret key and access key are used to sign requests sent to AWS on your behalf. What I do is attach a role with full API Gateway permissions to the EC2 instance. The convenient part of this setup is calling services from within EC2 doesn’t require credentials as they are temporarily supplied by default on behalf of the user role attached to the instance. Now calling the EC2 instance from my laptop does required stored credentials, that of the user role attached to EC2. Credentials are available in two options, shared credentials file and a shared configuration file.
The [default] stanza is the default profile the SDK will use unless there is another profile specified. The SDK perfoms a check by searching for an explicitly named profile name in your system’s environment variables. That means, in other words that should you want to use a custom profile set your environment variable, AWS_PROFILE.
Now to attach this role to an EC2 instance.
session is an object that contains configuration information for use by service clients. This information can be the region receiving requests, the profile whose credentials we are using, and many more. Imagine a service client as an object. Caching sessions is important in order to reduce startups of the configuration objects in succession. Therefore service clients should share sessions where it is possible.
// IF SharedConfigState is set to enabled OR the AWS_SDK_LOAD_CONFIG environment variable is set
// THEN additional configuration options from ~/.aws/config (shared configuration file) get used
// HOWEVER the ~/.aws/credentials (shared credentials file) takes precedence
package main
import (
"fmt"
"log"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/s3"
)
func checkErr(e error, errString string) {
if e != nil {
fmt.Print(errString)
log.Fatal(e)
}
}
func main() {
creds := credentials.NewSharedCredentials("/Users/guru/.aws/credentials", "default")
sess, err := session.NewSession(&aws.Config{
Region: aws.String("us-west-2"),
Credentials: creds,
})
checkErr(err, "Could not create session!")
To make calls to an AWS service I have to first create a service client object by constructing one with a session.
NewSessionWithOptions()(session.Options{
// Profile: "profile_name",
// SharedConfigState: SharedConfigStateEnabled,
// })Make a copy of a session.
sessCopy, err := session.NewSession(&aws.Config{
Region: aws.String("us-west-2"),
Credentials: creds,
})with the intent to copy over files from the S3 bucket to the EC2 instance using the AWS CLI tool from within the instance.
Go to S3.
Interacting With S3
make sure the region specified in the session’s configuration is the same as the region chosen during creating the bucket.
s3Svc := s3.New(sess)
buckets, err := s3Svc.ListBuckets(nil)
CheckErr(err, "Could not access buckets!")
for _, bucket := range buckets.Buckets {
log.Printf("Bucket name: %s \n", aws.StringValue(bucket.Name)
}