From 0759576a400ee8e23dcd05d8eb873031fc51b7c8 Mon Sep 17 00:00:00 2001
From: Luke Addison <lukeaddison785@gmail.com>
Date: Sun, 9 Feb 2020 03:34:56 +0000
Subject: [PATCH] Add IRSA support

---
 aws-es-proxy.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/aws-es-proxy.go b/aws-es-proxy.go
index dc1a17ef..e73df14c 100644
--- a/aws-es-proxy.go
+++ b/aws-es-proxy.go
@@ -21,6 +21,7 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/session"
 	v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
@@ -196,6 +197,11 @@ func (p *proxy) getSigner() *v4.Signer {
 		}
 
 		credentials := sess.Config.Credentials
+		awsRoleARN := os.Getenv("AWS_ROLE_ARN")
+		awsWebIdentityTokenFile := os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
+		if awsRoleARN != "" && awsWebIdentityTokenFile != "" {
+			credentials = stscreds.NewWebIdentityCredentials(sess, awsRoleARN, "", awsWebIdentityTokenFile)
+		}
 		p.credentials = credentials
 		logrus.Infoln("Generated fresh AWS Credentials object")
 	}