Merge pull request #5 from sensu/feature/ec2_region

Add support for getting region from EC2 metadata
sensu · Feb 24, 2021 · 7f05ebc · 7f05ebc
2 parents fb3a509 + 14be93d
commit 7f05ebc
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,9 @@ Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
 
+### Added
+- Added --use-ec2-region for getting region when ran on an EC2 instance
+
 ## [0.3.0] - 2021-01-20
 
 ### Changed

diff --git a/README.md b/README.md
@@ -14,6 +14,7 @@
   - [Handler definition](#handler-definition)
   - [Annotations](#annotations)
   - [AWS Credentials](#aws-credentials)
+  - [Region support](#region-support)
 - [Installation from source](#installation-from-source)
 - [Additional notes](#additional-notes)
 - [Contributing](#contributing)
@@ -42,6 +43,7 @@ Flags:
   -t, --topic-arn string          The SNS Topic ARN
   -m, --message-template string   The template for the message sent via SNS (default "{{.Entity.Name}}/{{.Check.Name}}: {{.Check.State}}")
   -a, --assume-role-arn string    The IAM role to assume upon succssful authentication
+  -u, --use-ec2-region            Query the EC2 metadata for the region to use for SNS
   -h, --help                      help for sensu-aws-sns-handler
 ```
 
@@ -141,6 +143,18 @@ option.
 If you go the route of using environment variables, it is highly suggested you use them via the
 [Env secrets provider][7].
 
+### Region support
+
+The AWS SDK for Go uses the following criteria for determining the AWS region in which to use
+SNS:
+
+1. The AWS_REGION environment variable
+2. The shared configuration file (typically ~/.aws/config)
+
+If running the Sensu backend process on an EC2 instance, this handler also supports using the
+EC2 metadata to determine the region via the `--use-ec2-region` option.
+
+
 ## Installation from source
 
 The preferred way of installing and deploying this plugin is to use it as an Asset. If you would

diff --git a/main.go b/main.go
@@ -6,6 +6,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/sns"
 	"github.com/sensu-community/sensu-plugin-sdk/sensu"
@@ -19,6 +20,7 @@ type Config struct {
 	TopicARN      string
 	Message       string
 	AssumeRoleARN string
+	UseEC2Region  bool
 }
 
 var (
@@ -58,6 +60,15 @@ var (
 			Usage:     "The IAM role to assume upon succssful authentication",
 			Value:     &plugin.AssumeRoleARN,
 		},
+		{
+			Path:      "use-ec2-region",
+			Env:       "",
+			Argument:  "use-ec2-region",
+			Shorthand: "u",
+			Default:   false,
+			Usage:     "Query the EC2 metadata for the region to use for SNS",
+			Value:     &plugin.UseEC2Region,
+		},
 	}
 )
 
@@ -91,12 +102,21 @@ func executeHandler(event *corev2.Event) error {
 		SharedConfigState: session.SharedConfigEnable,
 	}))
 
+	awsConfig := &aws.Config{}
+
+	if plugin.UseEC2Region {
+		ec2md := ec2metadata.New(sess)
+		region, err := ec2md.Region()
+		if err != nil {
+			return fmt.Errorf("Cannot determine region from EC2 metadata: %v", err)
+		}
+		awsConfig.Region = aws.String(region)
+	}
+
 	if arn.IsARN(plugin.AssumeRoleARN) {
-		creds := stscreds.NewCredentials(sess, plugin.AssumeRoleARN)
-		svc = sns.New(sess, &aws.Config{Credentials: creds})
-	} else {
-		svc = sns.New(sess)
+		awsConfig.Credentials = stscreds.NewCredentials(sess, plugin.AssumeRoleARN)
 	}
+	svc = sns.New(sess, awsConfig)
 
 	// message should be a template with a specific default
 	publishOut, err := svc.Publish(&sns.PublishInput{