disruptek / atoz

Amazon Web Services (AWS) APIs in Nim
MIT License

Credentials fail on Lambda due to unhandled session token #3

Closed epiphone closed 4 years ago

epiphone commented 4 years ago

I came across another omission/bug while deploying my code to AWS Lambda. Basically the following code works locally but fails with an UnrecognizedClientException: The security token included in the request is invalid error when running on Lambda:

import asyncdispatch, atoz/dynamodb_20120810, httpclient, json

let
  body = %* { "TableName": "my-table", ... }
  response = await query.call(body).issueRequest()

Turns out Lambda uses Temporary Security Credentials which, in addition to the usual access key id and secret, include a session token which should be added to the request as either a header or query parameter. Modifying the above example we get this piece of code that now works on Lambda as well:

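import os  # needed for os.getEnv, in addition to the imports above

let
  body = %* { "TableName": "my-table", ... }
  # Temporary credentials carry a session token that must accompany the request
  headers = %* {"X-Amz-Security-Token": os.getEnv("AWS_SESSION_TOKEN")}
  response = await query.call(nil, nil, headers, nil, body).issueRequest()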

So I was thinking it might make sense for atoz to include the X-Amz-Security-Token header automatically if the AWS_SESSION_TOKEN env variable is defined. This is what the NodeJS and Python AWS SDKs do too, to my knowledge.

What do you think?
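The behaviour proposed above, as an added example that is not code from this issue or from atoz: it attaches X-Amz-Security-Token only when a session token is present, and fails early when the access key looks temporary but the token is missing. The proc and enum names are hypothetical, and the check that temporary access key IDs start with "ASIA" is a heuristic based on AWS's key ID prefixes.

```nim
import std/[os, json, strutils]

type
  CredentialKind = enum   # hypothetical names, not part of atoz
    ckMissing, ckLongTerm, ckTemporary, ckTemporaryNoToken

proc classify(accessKeyId, sessionToken: string): CredentialKind =
  ## Decide what kind of credentials the environment supplied.
  if accessKeyId.len == 0: ckMissing
  elif sessionToken.len > 0: ckTemporary
  elif accessKeyId.startsWith("ASIA"): ckTemporaryNoToken  # heuristic
  else: ckLongTerm

proc securityHeaders(accessKeyId, sessionToken: string): JsonNode =
  ## Build the header object in the shape passed to call() in the snippet above.
  result = newJObject()
  case classify(accessKeyId, sessionToken)
  of ckTemporary:
    result["X-Amz-Security-Token"] = %sessionToken
  of ckTemporaryNoToken:
    raise newException(ValueError,
      "temporary access key (ASIA...) but AWS_SESSION_TOKEN is not set")
  of ckMissing:
    raise newException(ValueError, "AWS_ACCESS_KEY_ID is not set")
  of ckLongTerm:
    discard  # long-term keys need no extra header

when isMainModule:
  # Constructed sample values, not real credentials.
  doAssert securityHeaders("AKIACONSTRUCTED", "").len == 0
  doAssert securityHeaders("ASIACONSTRUCTED", "constructed-token")
    .hasKey("X-Amz-Security-Token")
  doAssertRaises(ValueError):
    discard securityHeaders("ASIACONSTRUCTED", "")

  # Real environment: report header names only, never the token value.
  try:
    let headers = securityHeaders(getEnv("AWS_ACCESS_KEY_ID"),
                                  getEnv("AWS_SESSION_TOKEN"))
    for name in headers.keys: echo "adding header: ", name
  except ValueError as e:
    echo "credential check failed: ", e.msg
```

Failing at startup with a named cause is easier to diagnose than the UnrecognizedClientException returned by the service, and keeping the token value out of output avoids leaking it into Lambda logs.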

disruptek commented 4 years ago

Sounds great; see what you think of 2606.