From 9b9c3c160a08d4d9f2a27a97991c6fff6d37bc5a Mon Sep 17 00:00:00 2001
From: tluimes <tluimes@gmail.com>
Date: Wed, 20 Jan 2021 17:00:58 -0500
Subject: [PATCH 1/2] add session token for AWS credentials

---
 provision/ec2.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/provision/ec2.go b/provision/ec2.go
index 3b8f332..326e807 100644
--- a/provision/ec2.go
+++ b/provision/ec2.go
@@ -18,10 +18,10 @@ type EC2Provisioner struct {
 }
 
 // NewEC2Provisioner creates an EC2Provisioner and initialises an EC2 client
-func NewEC2Provisioner(region, accessKey, secretKey string) (*EC2Provisioner, error) {
+func NewEC2Provisioner(region, accessKey, secretKey, sessionToken string) (*EC2Provisioner, error) {
 	sess, err := session.NewSession(&aws.Config{
 		Region:      aws.String(region),
-		Credentials: credentials.NewStaticCredentials(accessKey, secretKey, ""),
+		Credentials: credentials.NewStaticCredentials(accessKey, secretKey, sessionToken),
 	})
 	svc := ec2.New(sess)
 	return &EC2Provisioner{ec2Provisioner: svc}, err

From 1ad7893daa0b019de3d5aceb78e652380381e6e7 Mon Sep 17 00:00:00 2001
From: tluimes <tluimes@gmail.com>
Date: Thu, 21 Jan 2021 09:50:00 -0500
Subject: [PATCH 2/2] use default credential chain if credentials not set

Signed-off-by: Tim Luimes <tluimes@gmail.com>
---
 provision/ec2.go | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/provision/ec2.go b/provision/ec2.go
index 326e807..87430f2 100644
--- a/provision/ec2.go
+++ b/provision/ec2.go
@@ -17,12 +17,17 @@ type EC2Provisioner struct {
 	ec2Provisioner *ec2.EC2
 }
 
-// NewEC2Provisioner creates an EC2Provisioner and initialises an EC2 client
-func NewEC2Provisioner(region, accessKey, secretKey, sessionToken string) (*EC2Provisioner, error) {
-	sess, err := session.NewSession(&aws.Config{
-		Region:      aws.String(region),
-		Credentials: credentials.NewStaticCredentials(accessKey, secretKey, sessionToken),
-	})
+// NewEC2Provisioner creates an EC2Provisioner and initialises an EC2 client,
+// when accessKey and secretKey are "" default credential chain is used
+func NewEC2Provisioner(region, accessKey, secretKey string) (*EC2Provisioner, error) {
+	awsConfig := &aws.Config{Region: aws.String(region)}
+
+	if accessKey != "" && secretKey != "" {
+		awsConfig.Credentials = credentials.NewStaticCredentials(accessKey, secretKey, "")
+	}
+
+	sess, err := session.NewSession(awsConfig)
+
 	svc := ec2.New(sess)
 	return &EC2Provisioner{ec2Provisioner: svc}, err
 }