Use AWS SDK Version 2

cmd/mfaws.go

@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -27,7 +28,8 @@ var rootCmd = &cobra.Command{
 	Long:  `AWS Multi-Factor Authentication Manager`,
 
 	Run: func(cmd *cobra.Command, args []string) {
-		userFlow()
+		ctx := context.Background()
+		userFlow(ctx)
 	},
 }
 
@@ -76,7 +78,7 @@ func init() {
 	viper.SetDefault("role-session-name", "mfaws")
 }
 
-func userFlow() {
+func userFlow(ctx context.Context) {
 	ini.PrettyFormat = false
 	ini.PrettyEqual = true
 
@@ -106,16 +108,18 @@ func userFlow() {
 		viper.SetDefault("external-id", cfg.Section(profileLongTerm).Key("external_id").String())
 	}
 
-	sess := internal.CreateSession(profileLongTerm)
+	config, err := internal.CreateConfig(ctx, profileLongTerm)
+	internal.CheckError(err)
+
 	var credsShortTerm internal.CredentialsShortTerm
 	if len(viper.GetString("assume-role")) == 0 {
 		viper.SetDefault("duration", 43200)
 		internal.DumpConfig()
-		credsShortTerm = internal.GetCredsWithoutRole(sess)
+		credsShortTerm = internal.GetCredsWithoutRole(ctx, config)
 	} else {
 		viper.SetDefault("duration", 3600)
 		internal.DumpConfig()
-		credsShortTerm = internal.GetCredsWithRole(sess)
+		credsShortTerm = internal.GetCredsWithRole(ctx, config)
 	}
 
 	err = cfg.Section(profileShortTerm).ReflectFrom(&credsShortTerm)

go.mod

@@ -3,22 +3,22 @@ module github.com/pbar1/mfaws
 go 1.14
 
 require (
-	github.com/BurntSushi/toml v0.3.1 // indirect
-	github.com/aws/aws-sdk-go v1.33.12
+	github.com/aws/aws-sdk-go-v2 v1.16.4
+	github.com/aws/aws-sdk-go-v2/config v1.15.9
+	github.com/aws/aws-sdk-go-v2/credentials v1.12.4
+	github.com/aws/aws-sdk-go-v2/service/sts v1.16.6
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
-	github.com/go-ini/ini v1.57.0 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/mapstructure v1.3.3 // indirect
 	github.com/pelletier/go-toml v1.8.0 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/afero v1.3.2 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.7.0
-	golang.org/x/sys v0.0.0-20200724161237-0e2f3a69832c // indirect
+	github.com/stretchr/testify v1.5.1 // indirect
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	golang.org/x/text v0.3.3 // indirect
 	gopkg.in/ini.v1 v1.57.0
 )

internal/mfaws.go

@@ -1,14 +1,16 @@
 package internal
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+
 	"github.com/spf13/viper"
 )
 
@@ -31,12 +33,12 @@ func CheckError(err error) {
 	}
 }
 
-// CreateSession creates an AWS session from the given profile
-func CreateSession(profileLongTerm string) *session.Session {
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
-		Profile: profileLongTerm,
-	}))
-	return sess
+// CreateConfig creates an AWS configuration from the given profile
+func CreateConfig(ctx context.Context, profileLongTerm string) (aws.Config, error) {
+	return config.LoadDefaultConfig(
+		ctx,
+		config.WithSharedConfigProfile(profileLongTerm),
+	)
 }
 
 // GetMFAToken retrieves MFA token codes from either stdin or the "token" flag
@@ -53,18 +55,18 @@ func GetMFAToken() string {
 }
 
 // GetCredsWithoutRole is used to get temporary AWS credentials when NOT assuming a role
-func GetCredsWithoutRole(sess *session.Session) CredentialsShortTerm {
+func GetCredsWithoutRole(ctx context.Context, cfg aws.Config) CredentialsShortTerm {
 
 	mfaToken := GetMFAToken()
 
 	input := &sts.GetSessionTokenInput{
-		DurationSeconds: aws.Int64(viper.GetInt64("duration")),
+		DurationSeconds: aws.Int32(viper.GetInt32("duration")),
 		SerialNumber:    aws.String(viper.GetString("device")),
 		TokenCode:       aws.String(mfaToken),
 	}
 
-	svc := sts.New(sess)
-	result, err := svc.GetSessionToken(input)
+	svc := sts.NewFromConfig(cfg)
+	result, err := svc.GetSessionToken(ctx, input)
 	CheckError(err)
 	creds := result.Credentials
 
@@ -82,19 +84,24 @@ func GetCredsWithoutRole(sess *session.Session) CredentialsShortTerm {
 }
 
 // GetCredsWithRole is used to get temporary AWS credentials when assuming a role
-func GetCredsWithRole(sess *session.Session) CredentialsShortTerm {
+func GetCredsWithRole(ctx context.Context, cfg aws.Config) CredentialsShortTerm {
 
 	mfaToken := GetMFAToken()
 
-	creds := stscreds.NewCredentials(sess, viper.GetString("assume-role"), func(p *stscreds.AssumeRoleProvider) {
+	client := sts.NewFromConfig(cfg)
+
+	creds := stscreds.NewAssumeRoleProvider(client, viper.GetString("assume-role"), func(p *stscreds.AssumeRoleOptions) {
 		p.Duration = time.Duration(viper.GetInt("duration")) * time.Second
 		p.SerialNumber = aws.String(viper.GetString("device"))
-		p.TokenCode = aws.String(mfaToken)
+		p.TokenProvider = func() (string, error) {
+			return mfaToken, nil
+		}
 		p.RoleSessionName = viper.GetString("role-session-name")
 		p.ExternalID = aws.String(viper.GetString("external-id"))
+
 	})
 
-	credsRepsonse, err := creds.Get()
+	credsRepsonse, err := creds.Retrieve(ctx)
 	CheckError(err)
 	expirationTime := time.Now().UTC().Add(time.Duration(viper.GetInt("duration")) * time.Second)