josmo / drone-ecs

Drone plugin for triggering Amazon EC2 Container Service (ECS) deployments
Apache License 2.0

Assume different user role #52

Closed jtallinger closed 4 years ago

jtallinger commented 4 years ago

Hi,

Would it be possible to add support for assuming a different user role?

Key/Secret -> login -> assume role -> create task. Something like this in settings:

user_role_arn: arn:aws:iam::012345678901:role/APP_TEST_QA_SERVICE
task_role_arn: arn:aws:iam::987654321098:role/ecs-executionrole-qa

From command line: $ aws sts assume-role --role-arn "${USER_ROLE_ARN}"

Reference: https://github.com/shipt/drone-ecs-deploy/blob/282d911c1035c88f76247a0ef850faff36fd7c4f/ecs-deploy#L108

jtallinger commented 4 years ago

Something like this I suppose.. :)

Using: "github.com/aws/aws-sdk-go/aws/credentials/stscreds"

Add new parameter UserRoleArn

var svc *ecs.ECS
sess := session.Must(session.NewSession(&awsConfig))

// If user role ARN is set then assume role here
if len(p.UserRoleArn) > 0 {
    // Credentials provider that calls sts:AssumeRole with the base session's key/secret
    arnCredentials := stscreds.NewCredentials(sess, p.UserRoleArn)
    awsConfigArn := aws.Config{Region: aws.String(p.Region), Credentials: arnCredentials}

    // ECS client that uses the assumed role's temporary credentials
    svc = ecs.New(sess, &awsConfigArn)
} else {
    // No role configured: use the base session's credentials directly
    svc = ecs.New(sess)
}

josmo commented 4 years ago

Hey @jtallinger I'll take a look when I get a chance (I don't have a cluster to test against right now so I might be a little while) but if you want to try it out and PR it in I'll definitely accept it in if it works :)

jtallinger commented 4 years ago

I'm quite new to both Go and AWS but I've tested this against our QA and Prod environment and it seems to work fine.

Thanks for an excellent plugin!

josmo commented 4 years ago

Closing with merge of #53

josmo commented 4 years ago

version 1.1.1 should have those changes in :)
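
A pre-flight check for the `user_role_arn` setting proposed in this issue, as an added example that is not part of the thread or of drone-ecs: it rejects values that are not IAM role ARNs, or that point at an account outside an operator allowlist, before the plugin's key/secret is used to assume the role. `ValidateRoleARN` and the allowlist are hypothetical names, and only the standard library is used.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// accountID matches the 12-digit AWS account number in an ARN.
var accountID = regexp.MustCompile(`^[0-9]{12}$`)

// ValidateRoleARN checks that s is an IAM role ARN in one of the allowed
// accounts and returns the account ID. allowed is a hypothetical
// operator-side allowlist, not a drone-ecs setting.
func ValidateRoleARN(s string, allowed map[string]bool) (string, error) {
	// ARN layout: arn:partition:service:region:account-id:resource
	f := strings.SplitN(s, ":", 6)
	if len(f) != 6 || f[0] != "arn" {
		return "", fmt.Errorf("not an ARN: %q", s)
	}
	if f[2] != "iam" || f[3] != "" {
		return "", fmt.Errorf("not an IAM ARN (IAM ARNs carry no region): %q", s)
	}
	if !accountID.MatchString(f[4]) {
		return "", fmt.Errorf("bad account id %q", f[4])
	}
	name := strings.TrimPrefix(f[5], "role/")
	if name == f[5] || name == "" {
		return "", fmt.Errorf("resource is not role/<name>: %q", f[5])
	}
	if !allowed[f[4]] {
		return "", fmt.Errorf("account %s is not on the allowlist", f[4])
	}
	return f[4], nil
}

func main() {
	allowed := map[string]bool{"012345678901": true} // constructed allowlist
	for _, arn := range []string{
		"arn:aws:iam::012345678901:role/APP_TEST_QA_SERVICE",  // from the issue
		"arn:aws:iam::987654321098:role/ecs-executionrole-qa", // from the issue, other account
		"arn:aws:iam::012345678901:user/deployer",             // constructed: not a role
	} {
		acct, err := ValidateRoleARN(arn, allowed)
		fmt.Println(arn, "->", acct, err)
	}
}
```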