Netflix · gopalharis · Jun 21, 2017 · Jun 21, 2017
diff --git a/src/main/resources/edda.properties b/src/main/resources/edda.properties
@@ -50,7 +50,7 @@
 # Set the region for the AWS endpoints
 #
 #
-edda.region=us-west-1
+edda.region=us-east-1
 
 #
 # Set a region for a specific account
@@ -66,8 +66,10 @@ edda.region=us-west-1
 #
 # Set aws access keys, leave unset to use the default aws credential provider chain
 #
-# edda.aws.accessKey=
-# edda.aws.secretKey=
+edda.aws.accessKey=
+edda.aws.secretKey=
+edda.aws.assumeRoleArn=
+edda.aws.assumerole.enabled=true
 
 #
 # Set aws keys per account

diff --git a/src/main/scala/com/netflix/edda/Crawler.scala b/src/main/scala/com/netflix/edda/Crawler.scala
@@ -64,6 +64,7 @@ abstract class Crawler extends Observable {
   lazy val throttle_delay = Utils.getProperty("edda.crawler", "throttle.delay", name, "200")
   lazy val retry_max = Utils.getProperty("edda.crawler", "throttle.maxDelayMultiplier", name, "225")
   lazy val request_delay = Utils.getProperty("edda.crawler", "requestDelay", name, "0")
+  lazy val assumeRoleEnabled = Utils.getProperty("edda.aws", "assumerole.enabled", name, "false").get.toBoolean
 
   /* number of retries attempted */
   var retry_count = 0

diff --git a/src/main/scala/com/netflix/edda/aws/AwsClient.scala b/src/main/scala/com/netflix/edda/aws/AwsClient.scala
@@ -56,6 +56,7 @@ object AwsClient {
         new STSAssumeRoleSessionCredentialsProvider(provider, arn, "edda")
     }
   }
+
 }
 
 
@@ -67,6 +68,8 @@ object AwsClient {
 class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
 
   var account = ""
+  val awsAccessKey = Utils.getProperty("edda", "aws.accessKey", account, "").get
+  val awsSecretKey = Utils.getProperty("edda", "aws.secretKey", account, "").get
 
   /** uses [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/AWSCredentials.html com.amazonaws.auth.AWSCredentials]] to create AWSCredentialsProvider
     *
@@ -99,6 +102,14 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
     this(AwsClient.mkCredentialProvider(accessKey,secretKey, ""), region)
 
 
+  /* Basic Credintial Provider */
+  def getBasicCredsProvider = {
+    new AWSCredentialsProvider() {
+      def getCredentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey)
+      def refresh = {}
+    }
+  }
+
   /** generate a resource arn */
   def arn(resourceAPI: String, resourceType: String, resourceName: String): String = {
     "arn:aws:" + resourceAPI + ":" + region + ":" + account + ":" + resourceType + arnSeperator(resourceType) + resourceName
@@ -120,36 +131,41 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
   }
 
   /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/ec2/AmazonEC2Client.html com.amazonaws.services.ec2.AmazonEC2Client]] object */
-  def ec2 = {
-    val client = new AmazonEC2Client(provider)
+  def ec2(needAssumeRoleProvider : Boolean = false) = {
+    val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonEC2Client(credsProvider)
     client.setEndpoint("ec2." + region + ".amazonaws.com")
     client
   }
 
   /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/autoscaling/AmazonAutoScalingClient.html com.amazonaws.services.autoscaling.AmazonAutoScalingClient]] object */
-  def asg = {
-    val client = new AmazonAutoScalingClient(provider)
+  def asg(needAssumeRoleProvider : Boolean = false) = {
+    val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonAutoScalingClient(credsProvider)
     client.setEndpoint("autoscaling." + region + ".amazonaws.com")
     client
   }
 
   /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/elasticloadbalancing/AmazonElasticLoadBalancingClient.html com.amazonaws.services.elasticloadbalancing.AmazonElasticLoadBalancingClient]] object */
-  def elb = {
-    val client = new AmazonElasticLoadBalancingClient(provider)
+  def elb(needAssumeRoleProvider : Boolean = false) = {
+    val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonElasticLoadBalancingClient(credsProvider)
     client.setEndpoint("elasticloadbalancing." + region + ".amazonaws.com")
     client
   }
 
   /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/elasticloadbalancingv2/AmazonElasticLoadBalancingClient.html com.amazonaws.services.elasticloadbalancingv2.AmazonElasticLoadBalancingClient]] object */
-  def elbv2 = {
-    val client = new AmazonElasticLoadBalancingV2Client(provider)
+  def elbv2(needAssumeRoleProvider : Boolean = false) = {
+    val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonElasticLoadBalancingV2Client(credsProvider)
     client.setEndpoint("elasticloadbalancing." + region + ".amazonaws.com")
     client
   }
 
   /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3Client.html com.amazonaws.services.s3.AmazonS3Client]] object */
-  def s3 = {
-    val client = new AmazonS3Client(provider)
+  def     s3(needAssumeRoleProvider : Boolean = false) = {
+    val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonS3Client(credsProvider)
     if (region == "us-east-1")
       client.setEndpoint("s3.amazonaws.com")
     else
@@ -158,8 +174,9 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
   }
 
   /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/identitymanagement/AmazonIdentityManagementClient.html com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient]] object */
-  def identitymanagement = {
-    val client = new AmazonIdentityManagementClient(provider)
+  def identitymanagement(needAssumeRoleProvider : Boolean = false) = {
+    val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonIdentityManagementClient(credsProvider)
     if (region == "us-gov")
       client.setEndpoint("iam.us-gov.amazonaws.com")
     else
@@ -168,46 +185,53 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
   }
 
   /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/sqs/AmazonSQSClient.html com.amazonaws.services.sqs.AmazonSQSClient]] object */
-  def sqs = {
-    val client = new AmazonSQSClient(provider)
+  def sqs(needAssumeRoleProvider : Boolean = false) = {
+    val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonSQSClient(credsProvider)
     client.setEndpoint("sqs." + region + ".amazonaws.com")
     client
   }
 
   /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloudwatch/AmazonCloudWatchClient.html com.amazonaws.services.cloudwatch.AmazonCloudWatchClient]] object */
-  def cw = {
-    val client = new AmazonCloudWatchClient(provider)
+  def cw(needAssumeRoleProvider : Boolean = false) = {
+    val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonCloudWatchClient(credsProvider)
     client.setEndpoint("monitoring." + region + ".amazonaws.com")
     client
   }
 
    /** get [[http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/route53/AmazonRoute53Client.html com.amazonaws.services.route53.AmazonRoute53Client]] object */
-   def route53 = {
-      val client = new AmazonRoute53Client(provider)
+   def route53(needAssumeRoleProvider : Boolean = false) = {
+     val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+      val client = new AmazonRoute53Client(credsProvider)
       client.setEndpoint("route53.amazonaws.com")
       client
    }
 
-   def rds = {
-     val client = new AmazonRDSClient(provider)
+   def rds(needAssumeRoleProvider : Boolean = false) = {
+     val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+     val client = new AmazonRDSClient(credsProvider)
      client.setEndpoint("rds." + region + ".amazonaws.com")
      client
    }
 
-   def elasticache = {
-    val client = new AmazonElastiCacheClient(provider)
+   def elasticache(needAssumeRoleProvider : Boolean = false) = {
+     val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonElastiCacheClient(credsProvider)
     client.setEndpoint("elasticache." + region + ".amazonaws.com")
     client
    }
 
-   def dynamo = {
-     val client = new AmazonDynamoDBClient(provider)
+   def dynamo(needAssumeRoleProvider : Boolean = false) = {
+     val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+     val client = new AmazonDynamoDBClient(credsProvider)
      client.setEndpoint("dynamodb." + region + ".amazonaws.com")
      client
    }
 
-   def cloudformation = {
-    val client = new AmazonCloudFormationClient(provider)
+   def cloudformation(needAssumeRoleProvider : Boolean = false) = {
+     val credsProvider = if(needAssumeRoleProvider) provider else getBasicCredsProvider
+    val client = new AmazonCloudFormationClient(credsProvider)
     client.setEndpoint("cloudformation." + region + ".amazonaws.com")
     client
    }