bin/check-instance-events.rb in sensu-plugins-aws-18.5.0 vs bin/check-instance-events.rb in sensu-plugins-aws-18.6.0
- old
+ new
@@ -65,17 +65,39 @@
short: '-n',
long: '--include-name',
description: "Includes any offending instance's 'Name' tag in the check output",
default: false
+ option :role,
+ short: '-R ASSUME_ROLE',
+ long: '--assume-role-arn ARN',
+ description: 'IAM Role to assume'
+
def aws_config
{ access_key_id: config[:aws_access_key],
secret_access_key: config[:aws_secret_access_key],
region: config[:aws_region] }
end
def ec2_regions
Aws.partition('aws').regions.map(&:name)
+ end
+
+ def assume_role
+ role_config = aws_config
+
+ # Delete keys so we can use an IAM role
+ role_config.delete(:access_key_id)
+ role_config.delete(:secret_access_key)
+
+ Aws.config[:region] = role_config[:region]
+
+ role_credentials = Aws::AssumeRoleCredentials.new(
+ role_arn: config[:role],
+ role_session_name: 'sensu-monitoring'
+ )
+
+ role_config.merge!(credentials: role_credentials)
end
def run
event_instances = []
aws_config = {}
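Review bot: In `assume_role`, `Aws.config[:region] = role_config[:region]` rewrites the SDK's process-wide defaults, apparently only so that the implicit STS client has a region; passing `client: Aws::STS::Client.new(region: config[:aws_region])` as an extra argument to `Aws::AssumeRoleCredentials.new` would keep that side effect local. Because the static keys are deleted first, the AssumeRole call appears to be signed by whatever the default credential chain yields, so `config[:aws_access_key]` and `config[:aws_secret_access_key]` are silently ignored once `-R` is given, and the `description:` of `option :role` should say so. The fixed `role_session_name: 'sensu-monitoring'` makes every host's session look identical in CloudTrail, so adding the hostname would help attribution, and there is no way to supply an `external_id` for cross-account roles. `run` continues past the hunk, so whether it skips `assume_role` when `config[:role]` is nil cannot be checked here.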