0

I am trying to get information on CodePipeline via the Rust aws-sdk-codepipeline.

When using my default environment, everything work like a charm:

use aws_sdk_codepipeline as codepipeline;

main() {
   let config = aws_config::load_from_env().await;
   let client = codepipeline::Client::new(&config);

   ...
 }

I am able to run client.list_pipelines(), etc.. and get the data I need. However, I also need to get information on other accounts as well. This is where I turned to aws-sdk-sts to use assume_role.

I have the following code that successfully accomplished that:

use aws_sdk_sts as sts;

main() {
    let assumed_role_output = sts::Client::new(&aws_config::load_from_env().await)
        .assume_role()
        .role_arn("arn:aws:iam::012345678910:role/dev-ops-role")
        .role_session_name("devops")
        .send()
        .await
        .unwrap();

     let credentials = assumed_role_output.credentials().unwrap();

This gives me the &Credentials, but where I am stumped is how to get said credentials into the aws_config so it can be used to create a CodePipeline Client for the assumed role.

Devin Stewart
  • 3,006
  • 1
  • 16
  • 22

1 Answers1

0

Following the AWS Documentation, I came up with the following function to return a config:

async fn assume_role(config: &SdkConfig, role_name: String, session_name: String) -> SdkConfig {
    match config.credentials_provider() {
        Some(credential) => {
            let provider = aws_config::sts::AssumeRoleProvider::builder(role_name)
                .region(Region::from_static("us-east-1"))
                .session_name(session_name)
                .build(credential.clone());
            let local_config = aws_config::from_env()
                .credentials_provider(provider)
                .load()
                .await;
            Some(local_config)
        }
        None => None,
    }
    .unwrap()
Devin Stewart
  • 3,006
  • 1
  • 16
  • 22