feat(aws-lambda) separate aws credential cache in aws-lambda plugin by plugin identifier in config (#8907)

This PR is trying to separate AWS credential cache keys which are used by different aws-lambda plugins, by adding a plugin identifier in the mlcache key name.

Users might want to enable multiple aws-lambda plugins targeting different IAM roles and different lambda functions. In this situation the credential cache must be separated to avoid mutual overwrites.

FTI-3291
windmgc authored Jun 9, 2022
1 parent 8851688 commit f6dbea4
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions kong/plugins/aws-lambda/handler.lua
Expand Up @@ -11,7 +11,7 @@ local kong = kong

local VIA_HEADER = constants.HEADERS.VIA
local VIA_HEADER_VALUE = meta._NAME .. "/" .. meta._VERSION
local IAM_CREDENTIALS_CACHE_KEY = "plugin.aws-lambda.iam_role_temp_creds"
local IAM_CREDENTIALS_CACHE_KEY_PATTERN = "plugin.aws-lambda.iam_role_temp_creds.%s"
local AWS_PORT = 443
local AWS_REGION do
AWS_REGION = os.getenv("AWS_REGION") or os.getenv("AWS_DEFAULT_REGION")
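Review bot: The replacement constant IAM_CREDENTIALS_CACHE_KEY_PATTERN carries a bare %s with no comment saying what fills it; the commit message calls it a plugin identifier, while the caller further down formats it with `conf.aws_assume_role_arn or "default"`. Add a one-line comment above the constant stating that the placeholder is the assume-role ARN, and check that no reference to the old IAM_CREDENTIALS_CACHE_KEY name remains elsewhere in handler.lua, since in Lua a leftover reference would silently resolve to a nil global rather than fail at load time.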
Expand Down Expand Up @@ -264,8 +264,9 @@ function AWSLambdaHandler:access(conf)

if not conf.aws_key then
-- no credentials provided, so try the IAM metadata service
local iam_role_cred_cache_key = fmt(IAM_CREDENTIALS_CACHE_KEY_PATTERN, conf.aws_assume_role_arn or "default")
local iam_role_credentials = kong.cache:get(
IAM_CREDENTIALS_CACHE_KEY,
iam_role_cred_cache_key,
nil,
fetch_aws_credentials,
aws_conf
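Review bot: On the iam_role_cred_cache_key line the key is built from `conf.aws_assume_role_arn or "default"`, so every aws-lambda plugin instance that leaves aws_assume_role_arn unset still shares the single "default" entry, and instances with the same ARN share one entry even though fetch_aws_credentials also receives aws_conf. If anything else in aws_conf changes which credentials come back, include it in the key (or key on the plugin instance, as the commit message suggests); otherwise add a comment that sharing per role ARN is intended. The commit touches only handler.lua, so a test with two plugins configured with different role ARNs would be worth adding. Also confirm that fmt is defined as a local in this file, as neither hunk shows it.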