dynamodb move use standard aws sdk

hashicorp · Sep 25, 2024 · 5390e4a · 5390e4a
1 parent 8d6d26e
commit 5390e4a
Showing 1 changed file with 20 additions and 15 deletions.
diff --git a/physical/dynamodb/dynamodb.go b/physical/dynamodb/dynamodb.go
@@ -18,6 +18,8 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/aws/aws-sdk-go/aws/credentials"
+
 	metrics "github.com/armon/go-metrics"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@@ -27,7 +29,6 @@ import (
 	"github.com/cenkalti/backoff/v3"
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
 	log "github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/go-secure-stdlib/awsutil"
 	uuid "github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/hashicorp/vault/sdk/physical"
@@ -198,30 +199,34 @@ func NewDynamoDBBackend(conf map[string]string, logger log.Logger) (physical.Bac
 		}
 	}
 
-	credsConfig := &awsutil.CredentialsConfig{
-		AccessKey:    conf["access_key"],
-		SecretKey:    conf["secret_key"],
-		SessionToken: conf["session_token"],
-		Logger:       logger,
-	}
-	creds, err := credsConfig.GenerateCredentialChain()
-	if err != nil {
-		return nil, err
-	}
-
 	pooledTransport := cleanhttp.DefaultPooledTransport()
 	pooledTransport.MaxIdleConnsPerHost = consts.ExpirationRestoreWorkerCount
-
 	awsConf := aws.NewConfig().
-		WithCredentials(creds).
 		WithRegion(region).
 		WithEndpoint(endpoint).
 		WithHTTPClient(&http.Client{
 			Transport: pooledTransport,
 		}).
 		WithMaxRetries(dynamodbMaxRetry)
 
-	awsSession, err := session.NewSession(awsConf)
+	if conf["access_key"] != "" && conf["secret_key"] != "" {
+		creds := credentials.NewStaticCredentials(conf["access_key"], conf["secret_key"], conf["session_token"])
+		awsConf.WithCredentials(creds)
+	}
+
+	opt := session.Options{
+		SharedConfigState: session.SharedConfigStateFromEnv,
+		Config:            *awsConf,
+	}
+
+	if os.Getenv("AWS_DEFAULT_PROFILE") != "" && os.Getenv("AWS_SDK_LOAD_CONFIG") != "" {
+		opt.Profile = os.Getenv("AWS_DEFAULT_PROFILE")
+	}
+	if os.Getenv("AWS_PROFILE") != "" {
+		opt.Profile = os.Getenv("AWS_PROFILE")
+	}
+
+	awsSession, err := session.NewSessionWithOptions(opt)
 	if err != nil {
 		return nil, fmt.Errorf("Could not establish AWS session: %w", err)
 	}