pull aws region from ec2 metadata

2025-08-08 22:36:41 +02:00 · 2019-07-14 01:07:14 -08:00
parent 8f5ff1ec1e
commit 5276254db5
5 changed files with 62 additions and 21 deletions
--- a/cmd/web-api/main.go
+++ b/cmd/web-api/main.go
@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"expvar"
 	"fmt"
-	"geeks-accelerator/oss/saas-starter-kit/internal/platform/web"
 	"log"
 	"net"
 	"net/http"
@ -19,6 +18,8 @@ import (
 	"syscall"
 	"time"

+	"geeks-accelerator/oss/saas-starter-kit/internal/platform/web"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"geeks-accelerator/oss/saas-starter-kit/cmd/web-api/docs"
 	"geeks-accelerator/oss/saas-starter-kit/cmd/web-api/handlers"
 	"geeks-accelerator/oss/saas-starter-kit/internal/mid"
@ -121,7 +122,7 @@ func main() {
 		Aws struct {
 			AccessKeyID                string `envconfig:"AWS_ACCESS_KEY_ID"`              // WEB_API_AWS_AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY_ID
 			SecretAccessKey            string `envconfig:"AWS_SECRET_ACCESS_KEY" json:"-"` // don't print
-			Region                     string `default:"us-east-1" envconfig:"AWS_REGION"`
+			Region                     string `default:"us-west-2" envconfig:"AWS_REGION"`
 			S3BucketPrivate            string `envconfig:"S3_BUCKET_PRIVATE"`
 			S3BucketPublic             string `envconfig:"S3_BUCKET_PUBLIC"`
 			SecretsManagerConfigPrefix string `default:"" envconfig:"SECRETS_MANAGER_CONFIG_PREFIX"`
@ -168,6 +169,20 @@ func main() {
 	if cfg.Aws.UseRole {
 		cfg.Aws.AccessKeyID = ""
 		cfg.Aws.SecretAccessKey = ""
+
+		// Get an AWS session from an implicit source if no explicit
+		// configuration is provided. This is useful for taking advantage of
+		// EC2/ECS instance roles.
+		if cfg.Aws.Region == "" {
+			sess := session.Must(session.NewSession())
+			md := ec2metadata.New(sess)
+
+			var err error
+			cfg.Aws.Region, err = md.Region()
+			if err != nil {
+				log.Fatalf("main : Load region of ecs metadata : %+v", err)
+			}
+		}
 	}

 	// Set the default AWS Secrets Manager prefix used for name to store config files that will be persisted across
--- a/cmd/web-app/main.go
+++ b/cmd/web-app/main.go
@ -6,11 +6,7 @@ import (
 	"encoding/json"
 	"expvar"
 	"fmt"
-	"geeks-accelerator/oss/saas-starter-kit/internal/mid"
-	"golang.org/x/crypto/acme"
-	"golang.org/x/crypto/acme/autocert"
-	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
-	"html/template"
+		"html/template"
 	"log"
 	"net"
 	"net/http"
@ -24,6 +20,11 @@ import (
 	"syscall"
 	"time"

+	"geeks-accelerator/oss/saas-starter-kit/internal/mid"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"golang.org/x/crypto/acme"
+	"golang.org/x/crypto/acme/autocert"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
 	"geeks-accelerator/oss/saas-starter-kit/cmd/web-app/handlers"
 	"geeks-accelerator/oss/saas-starter-kit/internal/platform/devops"
 	"geeks-accelerator/oss/saas-starter-kit/internal/platform/flag"
@ -112,7 +113,7 @@ func main() {
 		Aws struct {
 			AccessKeyID                string `envconfig:"AWS_ACCESS_KEY_ID"`              // WEB_API_AWS_AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY_ID
 			SecretAccessKey            string `envconfig:"AWS_SECRET_ACCESS_KEY" json:"-"` // don't print
-			Region                     string `default:"us-east-1" envconfig:"AWS_REGION"`
+			Region                     string `default:"us-west-2" envconfig:"AWS_REGION"`
 			S3BucketPrivate            string `envconfig:"S3_BUCKET_PRIVATE"`
 			S3BucketPublic             string `envconfig:"S3_BUCKET_PUBLIC"`
 			SecretsManagerConfigPrefix string `default:"" envconfig:"SECRETS_MANAGER_CONFIG_PREFIX"`
@ -159,6 +160,20 @@ func main() {
 	if cfg.Aws.UseRole {
 		cfg.Aws.AccessKeyID = ""
 		cfg.Aws.SecretAccessKey = ""
+
+		// Get an AWS session from an implicit source if no explicit
+		// configuration is provided. This is useful for taking advantage of
+		// EC2/ECS instance roles.
+		if cfg.Aws.Region == "" {
+			sess := session.Must(session.NewSession())
+			md := ec2metadata.New(sess)
+
+			var err error
+			cfg.Aws.Region, err = md.Region()
+			if err != nil {
+				log.Fatalf("main : Load region of ecs metadata : %+v", err)
+			}
+		}
 	}

 	// Set the default AWS Secrets Manager prefix used for name to store config files that will be persisted across
--- a/tools/schema/cmd/migrate.go
+++ b/tools/schema/cmd/migrate.go
@ -1 +0,0 @@
-package cmd
--- a/tools/schema/cmd/models.go
+++ b/tools/schema/cmd/models.go
@ -1,12 +0,0 @@
-package cmd
-
-// DB mimics the general info needed for services used to define placeholders.
-type DB struct {
-	Host       string
-	User       string
-	Pass       string
-	Database   string
-	Driver     string
-	DisableTLS bool
-}
-
--- a/tools/schema/main.go
+++ b/tools/schema/main.go
@ -24,6 +24,17 @@ var build = "develop"
 // ie: export SCHEMA_ENV=dev
 var service = "SCHEMA"

+// DB defines the database credentials stored in AWS Secrets Manager as defined by devops.
+type DB struct {
+	Host       string
+	User       string
+	Pass       string
+	Database   string
+	Driver     string
+	DisableTLS bool
+}
+
+
 func main() {
 	// =========================================================================
 	// Logging
@ -43,6 +54,19 @@ func main() {
 			Timezone   string `default:"utc" envconfig:"TIMEZONE"`
 			DisableTLS bool   `default:"true" envconfig:"DISABLE_TLS"`
 		}
+		Project struct {
+			Name       string `default:"saas-starter-kit" envconfig:"Name"`
+		}
+		Aws struct {
+			AccessKeyID                string `envconfig:"AWS_ACCESS_KEY_ID"`              // WEB_API_AWS_AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY_ID
+			SecretAccessKey            string `envconfig:"AWS_SECRET_ACCESS_KEY" json:"-"` // don't print
+			Region                     string `default:"us-east-1" envconfig:"AWS_REGION"`
+
+			// Get an AWS session from an implicit source if no explicit
+			// configuration is provided. This is useful for taking advantage of
+			// EC2/ECS instance roles.
+			UseRole bool `envconfig:"AWS_USE_ROLE"`
+		}
 	}

 	// For additional details refer to https://github.com/kelseyhightower/envconfig