Amazon-Credentials

lib/Amazon/Credentials.pm

files (F<~/.aws/config>, F<~/.aws/credentials>) for your credentials.

=item file - Configuration Files

=over 10

=item ~/.aws/config

=item ~/.aws/credentials

=back

The class will attempt to find the credentials in either of these two
files.  You can also specify a profile to use for looking up the
credentials by passing it into the constructor or setting it in the
environment variable C<AWS_PROFILE>.  If no profile is provided, the
default credentials or the first profile found is used.

 my $aws_creds = new Amazon::Credentials({ order => [qw/environment role file/] });

=item container - Task Role

If the process is running in a container, the container may have a
task role.  We'll look up credentials using the container metadata
service.

 http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI

=item role - Instance Role

The class will use the
I<http://169.254.169.254/latest/meta-data/iam/security-credentials> URL
to look for an instance role and credentials.

Keep in mind that credentials obtained from instance meta-data include
a token that must be passed to Amazon APIs along with them.  That
token has an expiration and should be refreshed as required.

 if ( $aws_creds->is_token_expired() ) {
   $aws_creds->refresh_token()
 }

=back

=item region

Default region. The class will attempt to find the region in either
the configuration files or the instance unless you specify the region
in the constructor.

=back

=cut

sub new {
  my $class = shift;
  my $self = $class->SUPER::new(ref($_[0]) ? $_[0] : { @_ });
  
  unless ( $self->get_logger ) {
    $self->set_logger(bless {}, 'Amazon::Credentials::Logger');
  }

  unless ($self->get_user_agent) {
    $self->set_user_agent(new LWP::UserAgent);
  }

  $self->set_profile($ENV{AWS_PROFILE})
    unless $self->get_profile;

  $self->set_region($ENV{AWS_REGION} || $self->get_default_region)
    unless $self->get_region;

  unless ( $self->get_aws_secret_access_key && $self->get_aws_access_key_id ) {
    $self->set_credentials;
  }

  $self;
}

=pod

=head2 get_default_region

Returns the region of the currently running instance.  The constructor
will set the region to this value unless you set your own C<region>
value.  Use C<get_region> to retrieve the value after instantiation;
calling this method again makes a second request for the instance
metadata.

You can also invoke this as a class method:

 $ AWS_REGION=$(perl -MAmazon::Credentials -e 'print Amazon::Credentials::get_default_region;')

=cut

sub get_default_region {
  my $self = shift;
  
  # try to get the availability zone from the instance metadata, but
  # we may not be executing on an EC2 or container.
  my $url = AWS_AVAILABILITY_ZONE_URL;
  
  my $ua = ref($self) ? $self->get_user_agent : new LWP::UserAgent;

  my $req = HTTP::Request->new( GET => $url );
     
  my $region = eval {
    my $rsp = $ua->request($req);
      
    # if not 200, then get out of Dodge
    die "could not get availability zone\n"
      unless $rsp->is_success;
    
    my $region = $rsp->content;
    $region =~s/([0-9]+)[a-z]+$/$1/;
    
    $region;
  };
  
  return $region;
}
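The availability-zone-to-region step in C<get_default_region>, as an added example that is not the module's own code: the hypothetical helper C<region_from_az> validates the metadata response before trimming it, and goes beyond the page's substitution by also handling Local Zone and Wavelength Zone names. The sample responses are constructed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper (not part of Amazon::Credentials): derive the region
# from the body returned by the availability-zone metadata URL.
# Returns undef for anything that does not look like a zone name, so an
# error or login page served with a 200 status never becomes the region.
sub region_from_az {
  my ($body) = @_;
  return unless defined $body;

  $body =~ s/\A\s+|\s+\z//g;    # tolerate surrounding whitespace

  # region = two-letter prefix, one or two words, a number (us-east-1,
  # us-gov-west-1); what follows is a zone letter or a Local/Wavelength
  # Zone suffix.
  return $1
    if $body =~ /\A([a-z]{2}(?:-[a-z]+){1,2}-[0-9]+)(?:[a-z]|(?:-[a-z0-9]+)+)?\z/;

  return;
}

# The substitution used on the page, kept as-is for comparison.
sub region_page_regex {
  my ($region) = @_;
  $region =~ s/([0-9]+)[a-z]+$/$1/;
  return $region;
}

# Constructed sample responses.
my @samples = (
  'us-east-1a',                 # ordinary availability zone
  'us-gov-west-1b',             # three-part region name
  'us-west-2-lax-1a',           # Local Zone
  'us-east-1-wl1-bos-wlz-1',    # Wavelength Zone
  '<html>Sign in</html>',       # not a zone name at all
);

for my $s (@samples) {
  printf "%-26s page regex: %-26s validated: %s\n",
    $s, region_page_regex($s), region_from_az($s) // '(rejected)';
}
```

The page's code checks only C<is_success>, so the last three samples pass through its substitution as values that are not region names, while the validated helper returns the parent region or rejects the body.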


