
@softchef/cdk-iot-device-management


IoT device management is composed of things, thing types, thing groups, jobs, and files API services. The constructs can be used independently and are built on fully managed services to create an API Gateway and Lambda function.

94 lines (93 loc) 3.73 kB
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.fromInstanceMetadata = void 0;
const property_provider_1 = require("@aws-sdk/property-provider");
const httpRequest_1 = require("./remoteProvider/httpRequest");
const ImdsCredentials_1 = require("./remoteProvider/ImdsCredentials");
const RemoteProviderInit_1 = require("./remoteProvider/RemoteProviderInit");
const retry_1 = require("./remoteProvider/retry");
const getInstanceMetadataEndpoint_1 = require("./utils/getInstanceMetadataEndpoint");

// Metadata path that lists the role name and, with the name appended, serves its credentials.
const IMDS_PATH = "/latest/meta-data/iam/security-credentials/";
// Metadata path that issues a session token in response to a PUT.
const IMDS_TOKEN_PATH = "/latest/api/token";

/**
 * Builds a credential provider backed by the EC2 instance metadata service.
 *
 * Each call of the returned provider first requests a session token and sends
 * it with the credential requests. When the token request fails, the provider
 * repeats the credential requests without a token, unless the failure was an
 * HTTP 400, which is rethrown.
 *
 * Security note: because of that fallback, this file alone does not guarantee
 * token-protected metadata access. Where untokenized access must not succeed,
 * enforce it on the instance itself (metadata option HttpTokens=required), so
 * that the untokenized request is rejected by the service.
 *
 * @param {object} [init] - Provider options; `timeout` and `maxRetries` are
 *   read from the result of `providerConfigFromInit(init)`.
 * @returns {() => Promise<object>} Async provider resolving to the value
 *   produced by `fromImdsCredentials`.
 */
const fromInstanceMetadata = (init = {}) => {
    // Sticky across calls of the returned provider: once set, the token
    // request is skipped until a credential request is answered with 401.
    let disableFetchToken = false;
    const { timeout, maxRetries } = RemoteProviderInit_1.providerConfigFromInit(init);

    // Runs one metadata request; a 401 re-enables token fetching for later
    // calls (presumably the service now insists on a token - confirm against
    // the service documentation). The error is always rethrown unchanged.
    const resetTokenSkipOn401 = async (request) => {
        try {
            return await request();
        }
        catch (err) {
            if (err.statusCode === 401) {
                disableFetchToken = false;
            }
            throw err;
        }
    };

    // Two-step lookup: resolve the role/profile name, then fetch that
    // profile's credentials. Each step goes through retry() separately.
    const getCredentials = async (maxRetries, options) => {
        const profileListing = await retry_1.retry(
            async () => resetTokenSkipOn401(() => getProfile(options)),
            maxRetries);
        const profile = profileListing.trim();
        return retry_1.retry(
            async () => resetTokenSkipOn401(() => getCredentialsFromProfile(profile, options)),
            maxRetries);
    };

    return async () => {
        const endpoint = await getInstanceMetadataEndpoint_1.getInstanceMetadataEndpoint();
        // Credential lookup without a session token header.
        const fetchWithoutToken = () => getCredentials(maxRetries, { ...endpoint, timeout });

        if (disableFetchToken) {
            return fetchWithoutToken();
        }

        let token;
        try {
            const tokenBody = await getMetadataToken({ ...endpoint, timeout });
            token = tokenBody.toString();
        }
        catch (error) {
            // A 400 on the token request is surfaced to the caller, not retried
            // without a token.
            if (error != null && error.statusCode === 400) {
                throw Object.assign(error, {
                    message: "EC2 Metadata token request returned error",
                });
            }
            // Timeout or 403/404/405: stop asking for tokens on later calls.
            if (error.message === "TimeoutError" || [403, 404, 405].includes(error.statusCode)) {
                disableFetchToken = true;
            }
            // Every other token failure also ends here: the credentials are
            // requested without a token, only the sticky flag stays untouched.
            return fetchWithoutToken();
        }

        return getCredentials(maxRetries, {
            ...endpoint,
            headers: {
                "x-aws-ec2-metadata-token": token,
            },
            timeout,
        });
    };
};
exports.fromInstanceMetadata = fromInstanceMetadata;

/**
 * Requests a metadata session token with a PUT to IMDS_TOKEN_PATH.
 * The requested lifetime is 21600 seconds (six hours). Nothing in this file
 * caches the token; the provider asks for a new one on every call.
 */
const getMetadataToken = async (options) => {
    const tokenRequest = {
        ...options,
        path: IMDS_TOKEN_PATH,
        method: "PUT",
        headers: {
            "x-aws-ec2-metadata-token-ttl-seconds": "21600",
        },
    };
    return httpRequest_1.httpRequest(tokenRequest);
};

/** Reads the body served at IMDS_PATH and returns it as a string. */
const getProfile = async (options) => {
    const listing = await httpRequest_1.httpRequest({ ...options, path: IMDS_PATH });
    return listing.toString();
};

/**
 * Fetches and validates the credential document for `profile`.
 *
 * The profile name is appended to IMDS_PATH as received from the metadata
 * service (trimmed by the caller, not otherwise checked here). A body that is
 * not valid JSON surfaces as the error thrown by JSON.parse; a parsed body
 * that fails `isImdsCredentials` raises CredentialsProviderError.
 */
const getCredentialsFromProfile = async (profile, options) => {
    const responseBody = await httpRequest_1.httpRequest({
        ...options,
        path: IMDS_PATH + profile,
    });
    const credsResponse = JSON.parse(responseBody.toString());
    if (ImdsCredentials_1.isImdsCredentials(credsResponse)) {
        return ImdsCredentials_1.fromImdsCredentials(credsResponse);
    }
    throw new property_provider_1.CredentialsProviderError("Invalid response received from instance metadata service.");
};