Check ec2 instance metadata for region (hashicorp#6025)
Becca Petrin authored Jan 18, 2019
1 parent 20deed3 commit 794e4e0
Showing 1 changed file with 16 additions and 0 deletions.
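--- a/vault/seal/awskms/awskms.go
+++ b/vault/seal/awskms/awskms.go
@@ -8,6 +8,7 @@ import (
 "sync/atomic"
 
 "github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/aws/ec2metadata"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/kms"
 "github.com/aws/aws-sdk-go/service/kms/kmsiface"
@@ -98,6 +99,21 @@ func (k *AWSKMSSeal) SetConfig(config map[string]string) (map[string]string, err
 k.region = region
 default:
 k.region = "us-east-1"
+
+// If available, get the region from EC2 instance metadata
+sess, err := session.NewSession(nil)
+if err != nil {
+k.logger.Warn(fmt.Sprintf("unable to begin session: %s, defaulting region to %s", err, k.region))
+break
+}
+
+// This will hang for ~10 seconds if the agent isn't running on an EC2 instance
+region, err := ec2metadata.New(sess).Region()
+if err != nil {
+k.logger.Warn(fmt.Sprintf("unable to retrieve region from ec2 instance metadata: %s, defaulting region to %s", err, k.region))
+break
+}
+k.region = region
 }
 
 // Check and set AWS access key, secret key, and session token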
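Review bot: The value returned by `ec2metadata.New(sess).Region()` is assigned to `k.region` with no validation and no log line, so nothing records whether the seal ends up using the `us-east-1` default or a metadata-derived region. Instance metadata is served over plain link-local HTTP, and on a host outside EC2 that address could presumably be answered by something other than AWS, so I would reject an empty or unexpected value before the assignment and log the source, e.g. `k.logger.Info(fmt.Sprintf("using region %s from ec2 instance metadata", region))`. The ~10 second hang the comment mentions is paid whenever `SetConfig` reaches `default:` off EC2; passing a client with a short timeout, `ec2metadata.New(sess, &aws.Config{HTTPClient: &http.Client{Timeout: time.Second}})` (needs `net/http` and `time`), would shorten it. The enclosing `switch` and the rest of `SetConfig` start and end outside the hunk.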
