summaryrefslogtreecommitdiff
path: root/src/mongo/client
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/client')
-rw-r--r--src/mongo/client/sasl_iam_client_conversation.cpp16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/mongo/client/sasl_iam_client_conversation.cpp b/src/mongo/client/sasl_iam_client_conversation.cpp
index 1c3768a5940..e99b9895024 100644
--- a/src/mongo/client/sasl_iam_client_conversation.cpp
+++ b/src/mongo/client/sasl_iam_client_conversation.cpp
@@ -92,6 +92,22 @@ iam::AWSCredentials SaslIAMClientConversation::_getUserCredentials() const {
}
iam::AWSCredentials SaslIAMClientConversation::_getLocalAWSCredentials() const {
+ // Check the environment variables
+ // These are set by AWS Lambda to pass in credentials and can be set by users.
+ StringData awsAccessKeyId = getenv("AWS_ACCESS_KEY_ID");
+ StringData awsSecretAccessKey = getenv("AWS_SECRET_ACCESS_KEY");
+ StringData awsSessionToken = getenv("AWS_SESSION_TOKEN");
+
+ if (!awsAccessKeyId.empty() && !awsSecretAccessKey.empty()) {
+ if (!awsSessionToken.empty()) {
+ return iam::AWSCredentials(awsAccessKeyId.toString(),
+ awsSecretAccessKey.toString(),
+ awsSessionToken.toString());
+ }
+
+ return iam::AWSCredentials(awsAccessKeyId.toString(), awsSecretAccessKey.toString());
+ }
+
StringData ecsMetadata = getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI");
if (!ecsMetadata.empty()) {
return _getEcsCredentials(ecsMetadata);
View Lorry Controller Status