adds support for AWS IAM roles

Signed-off-by: Simon Thulbourn <simon+github@thulbourn.com>

README.md

@@ -107,6 +107,7 @@ Options:
  - `--amazonec2-region`: The region to use when launching the instance.  Default: `us-east-1`
  - `--amazonec2-root-size`: The root disk size of the instance (in GB).  Default: `16`
  - `--amazonec2-secret-key`: Your secret access key for the Amazon Web Services API.
+ - `--amazonec2-session-token`: Your session token for the Amazon Web Services API.
  - `--amazonec2-vpc-id`: Your VPC ID to launch the instance in.
  - `--amazonec2-zone`: The AWS zone launch the instance in (i.e. one of a,b,c,d,e).
 

drivers/amazonec2/amazonec2.go

@@ -33,6 +33,7 @@ type Driver struct {
 	Id              string
 	AccessKey       string
 	SecretKey       string
+	SessionToken    string
 	Region          string
 	AMI             string
 	SSHKeyID        int
@@ -40,6 +41,7 @@ type Driver struct {
 	InstanceId      string
 	InstanceType    string
 	IPAddress       string
+	MachineName     string
 	SecurityGroupId string
 	ReservationId   string
 	RootSize        int64
@@ -81,6 +83,12 @@ func GetCreateFlags() []cli.Flag {
 			Value:  "",
 			EnvVar: "AWS_SECRET_ACCESS_KEY",
 		},
+		cli.StringFlag{
+			Name:   "amazonec2-session-token",
+			Usage:  "AWS Session Token",
+			Value:  "",
+			EnvVar: "AWS_SESSION_TOKEN",
+		},
 		cli.StringFlag{
 			Name:   "amazonec2-ami",
 			Usage:  "AWS machine image",
@@ -134,6 +142,7 @@ func NewDriver(storePath string) (drivers.Driver, error) {
 func (d *Driver) SetConfigFromFlags(flags drivers.DriverOptions) error {
 	d.AccessKey = flags.String("amazonec2-access-key")
 	d.SecretKey = flags.String("amazonec2-secret-key")
+	d.SessionToken = flags.String("amazonec2-session-token")
 	d.AMI = flags.String("amazonec2-ami")
 	d.Region = flags.String("amazonec2-region")
 	d.InstanceType = flags.String("amazonec2-instance-type")
@@ -422,7 +431,7 @@ func (d *Driver) GetSSHCommand(args ...string) (*exec.Cmd, error) {
 }
 
 func (d *Driver) getClient() *amz.EC2 {
-	auth := amz.GetAuth(d.AccessKey, d.SecretKey)
+	auth := amz.GetAuth(d.AccessKey, d.SecretKey, d.SessionToken)
 	return amz.NewEC2(auth, d.Region)
 }
 

drivers/amazonec2/amz/auth.go

@@ -1,9 +1,9 @@
 package amz
 
 type Auth struct {
-	AccessKey, SecretKey string
+	AccessKey, SecretKey, SessionToken string
 }
 
-func GetAuth(accessKey, secretKey string) Auth {
+func GetAuth(accessKey, secretKey, sessionToken string) Auth {
-	return Auth{accessKey, secretKey}
+	return Auth{accessKey, secretKey, sessionToken}
 }

drivers/amazonec2/amz/ec2.go

@@ -152,6 +152,7 @@ func (e *EC2) awsApiCall(v url.Values) (http.Response, error) {
 	awsauth.Sign(req, awsauth.Credentials{
 		AccessKeyID:     e.Auth.AccessKey,
 		SecretAccessKey: e.Auth.SecretKey,
+		SecurityToken:   e.Auth.SessionToken,
 	})
 	resp, err := client.Do(req)
 	if err != nil {