Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
const { promisify } = require('util');
const AWS = require('aws-sdk');
const { getRegion } = require('../util/getRegion');
const apiVersion = 'latest';
const region = getRegion();
const lambda = new AWS.Lambda({ apiVersion, region });
const api = new AWS.APIGateway({ apiVersion, region });
const dynamo = new AWS.DynamoDB({ apiVersion, region });
const iam = new AWS.IAM();
const sts = new AWS.STS();
// sts
const asyncGetCallerIdentity = promisify(sts.getCallerIdentity.bind(sts));
// lambda
const asyncAddPermission = promisify(lambda.addPermission.bind(lambda));
const asyncRemovePermission = promisify(lambda.removePermission.bind(lambda));
const asyncLambdaDeleteFunction = promisify(lambda.deleteFunction.bind(lambda));
const asyncLambdaCreateFunction = promisify(lambda.createFunction.bind(lambda));
const asyncGetFunction = promisify(lambda.getFunction.bind(lambda));
const asyncLambdaUpdateFunctionCode = promisify(lambda.updateFunctionCode.bind(lambda));
const asyncLambdaUpdateFunctionConfiguration = promisify(
lambda.updateFunctionConfiguration.bind(lambda),
);
const asyncListFunctions = promisify(lambda.listFunctions.bind(lambda));
// Specifies the secret key associated with the access key. This is essentially the "password" for the access key.
core.exportVariable('AWS_SECRET_ACCESS_KEY', secretAccessKey);
// AWS_SESSION_TOKEN:
// Specifies the session token value that is required if you are using temporary security credentials.
if (sessionToken) {
core.exportVariable('AWS_SESSION_TOKEN', sessionToken);
}
// AWS_DEFAULT_REGION and AWS_REGION:
// Specifies the AWS Region to send requests to
core.exportVariable('AWS_DEFAULT_REGION', region);
core.exportVariable('AWS_REGION', region);
// Get the AWS account ID
const sts = new aws.STS({
customUserAgent: 'configure-aws-credentials-for-github-actions'
});
const identity = await sts.getCallerIdentity().promise();
const accountId = identity.Account;
core.setOutput('aws-account-id', accountId);
if (!maskAccountId || maskAccountId.toLowerCase() == 'true') {
core.setSecret(accountId);
}
}
catch (error) {
core.setFailed(error.message);
}
}
'use strict';
const utils = require('./utils');
const AWS = require('aws-sdk');
const iotClient = new AWS.Iot();
const sts = new AWS.STS();
const roleName = 'bombermon-iot';
module.exports.getIoTKeys = (callback) => {
// get the endpoint address
iotClient.describeEndpoint({}, (err, data) => {
if (err) return utils.errorHandler(err, callback);
const iotEndpoint = data.endpointAddress;
// get the account id which will be used to assume a role
sts.getCallerIdentity({}, (err, data) => {
if (err) return utils.errorHandler(err, callback);
const params = {
RoleArn: `arn:aws:iam::${data.Account}:role/${roleName}`,
return new Promise(function(resolve,reject) {
console.log('\n');
role = roles[idx];
var params = {};
if (creds) params.credentials = creds;
var sts = new AWS.STS(params);
var params = {
RoleArn: role.roleArn,
RoleSessionName: sessionName
}
console.log(input);
console.log ("Role ARN == " + role.roleArn);
if (role.externalId) params.ExternalId = role.externalId;
var awsAssumeRolePromise = sts.assumeRole(params).promise();
awsAssumeRolePromise.then(function(data) {
console.log("successfully assumed role, '" + role.roleArn + "'");
//console.log(data);
creds = new AWS.Credentials({
accessKeyId: data.Credentials.AccessKeyId,
secretAccessKey: data.Credentials.SecretAccessKey,
sessionToken: data.Credentials.SessionToken
});
me.findService = function(input) {
var sts = new AWS.STS();
return sts;
}
import { parse } from 'url';
import { flatten, pickBy, mapKeys } from 'lodash';
import createError from '../libs/error';
import loadConfig, { AWS_REGION, validateDocker } from '../config';
import taskCreateBundle from '../libs/createBundle';
import { debug, error, log, success, warning } from '../logger';
import {
getStackOutputs,
getStackResources
} from '../libs/aws/cfn-get-stack-info-helpers';
import { templateStackName } from '../factories/cloudformation';
import { WHITELISTED_HEADERS } from '../factories/cf_cloudfront';
import { templateLambdaRoleName } from '../factories/cf_lambda';
const sts = new AWS.STS({});
const iam = new AWS.IAM({});
const sqs = new AWS.SQS({ apiVersion: '2012-11-05' });
const credentialsCache = new WeakMap();
const CREDENTIALS_DURATION_SECONDS = 3600;
function findApi ({ method, pathname, API_DEFINITIONS }) {
let found = null;
Object.keys(API_DEFINITIONS).forEach(name => {
if (found) return;
const fn = API_DEFINITIONS[name];
const def = fn.api;
if (!def) return;
if (def.path === false) return;
if (typeof def.path === 'undefined') return;
if (def.method !== 'ANY' && (def.method || 'GET') !== method) return;
const defPath = `/${def.path}`;
module.exports = function _02setupRequest(params, callback) {
var sts = new aws.STS
var lambda = new aws.Lambda({region: process.env.AWS_REGION})
var gateway = new aws.APIGateway({region: process.env.AWS_REGION})
assert(params, {
route: String,
httpMethod: String,
deployname: String,
resourceId: String,
restApiId: String,
})
var {httpMethod, deployname, resourceId, restApiId} = params
var vtl = fs.readFileSync(path.join(__dirname, '_request.vtl')).toString()
var vtlForm = fs.readFileSync(path.join(__dirname, '_request-form-post.vtl')).toString()
waterfall([
function _getLambda(callback) {
constructor() {
const { credentials, region } = config
this.sts = new STS({ credentials, region })
}
'use strict';
const yaml = require('js-yaml');
const fs = require('fs');
const config = yaml.safeLoad(fs.readFileSync(__dirname + '/../config.yml', 'utf8'));
const AWS = require('aws-sdk');
const sts = new AWS.STS({apiVersion: '2011-06-15'});
class KmsResources {
constructor(serverless, options) {
this.serverless = serverless;
this.options = options;
this.provider = this.serverless.getProvider('aws');
this.roleName = this.provider.naming.getRoleName();
this.hooks = {
'before:deploy:initialize': () => {
return this.beforeDeployResources(this);
}
};
}
beforeDeployResources(t) {
if (!config.useKms || !config.kmsKeyAlias) {