Add aws-profile option

README.md

@@ -64,6 +64,12 @@ export AWS_ACCESS_KEY_ID=AKID1234567890
 export AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY
 ```
 
+You can also use AWS profiles to manage multiple sets of credentials. Specify the profile using the `-aws-profile` flag:
+
+```sh
+./aws-es-proxy -aws-profile myprofile -endpoint https://my-es-domain.region.es.amazonaws.com
+```
+
 **aws-es-proxy** also supports `IAM roles`. To use IAM roles, you need to modify your Amazon Elasticsearch access policy to allow access from that role. Below is an Amazon Elasticsearch `access policy` example allowing access from any EC2 instance with an IAM role called `ec2-aws-elasticsearch`.
 
 ```json
@@ -100,6 +106,13 @@ export ENDPOINT=https://test-es-somerandomvalue.eu-west-1.es.amazonaws.com
 Listening on 10.0.0.1:9200
 ```
 
+Using a specific AWS profile:
+
+```sh
+./aws-es-proxy -aws-profile production -endpoint https://test-es-somerandomvalue.eu-west-1.es.amazonaws.com
+Listening on 127.0.0.1:9200
+```
+
 *aws-es-proxy* listens on 127.0.0.1:9200 if no additional argument is provided. You can change the IP and Port passing the argument `-listen`
 
 ```sh
@@ -136,6 +149,8 @@ Usage of ./aws-es-proxy:
         Log user requests and ElasticSearch responses to files
   -no-sign-reqs
         Disable AWS Signature v4
+  -aws-profile string
+        AWS credential profile name to use
   -password string
         HTTP Basic Auth Password
   -pretty

aws-es-proxy.go

@@ -90,6 +90,7 @@ type proxy struct {
 	realm           string
 	remoteTerminate bool
 	assumeRole      string
+	profile         string
 }
 
 func newProxy(args ...interface{}) *proxy {
@@ -122,6 +123,7 @@ func newProxy(args ...interface{}) *proxy {
 		realm:           args[9].(string),
 		remoteTerminate: args[10].(bool),
 		assumeRole:      args[11].(string),
+		profile:         args[12].(string),
 	}
 }
 
@@ -198,12 +200,25 @@ func (p *proxy) parseEndpoint() error {
 func (p *proxy) getSigner() *v4.Signer {
 	// Refresh credentials after expiration. Required for STS
 	if p.credentials == nil {
-		sess, err := session.NewSession(
-			&aws.Config{
+		// Set profile if specified
+		if p.profile != "" {
+			logrus.Infof("Using AWS profile: %s", p.profile)
+		}
+
+		sessOptions := session.Options{
+			Config: aws.Config{
 				Region:                        aws.String(p.region),
 				CredentialsChainVerboseErrors: aws.Bool(true),
 			},
-		)
+			SharedConfigState: session.SharedConfigEnable,
+		}
+
+		// Set profile if specified
+		if p.profile != "" {
+			sessOptions.Profile = p.profile
+		}
+
+		sess, err := session.NewSessionWithOptions(sessOptions)
 		if err != nil {
 			logrus.Debugln(err)
 		}
@@ -223,7 +238,11 @@ func (p *proxy) getSigner() *v4.Signer {
 				provider.MaxJitterFrac = 0.1
 			})
 		} else {
-			logrus.Infoln("Using default credentials")
+			if p.profile != "" {
+				logrus.Infof("Using credentials from AWS profile: %s", p.profile)
+			} else {
+				logrus.Infoln("Using default credentials")
+			}
 			creds = sess.Config.Credentials
 		}
 
@@ -485,6 +504,7 @@ func main() {
 		timeout         int
 		remoteTerminate bool
 		assumeRole      string
+		profile         string
 	)
 
 	flag.StringVar(&endpoint, "endpoint", "", "Amazon ElasticSearch Endpoint (e.g: https://dummy-host.eu-west-1.es.amazonaws.com)")
@@ -502,6 +522,7 @@ func main() {
 	flag.StringVar(&realm, "realm", "", "Authentication Required")
 	flag.BoolVar(&remoteTerminate, "remote-terminate", false, "Allow HTTP remote termination")
 	flag.StringVar(&assumeRole, "assume", "", "Optionally specify role to assume")
+	flag.StringVar(&profile, "aws-profile", "", "AWS credential profile name to use")
 	flag.Parse()
 
 	if endpoint == "" {
@@ -549,6 +570,7 @@ func main() {
 		realm,
 		remoteTerminate,
 		assumeRole,
+		profile,
 	)
 
 	if err = p.parseEndpoint(); err != nil {