rabbitmq-server/deps/rabbitmq_aws/README.md

# rabbitmq-aws

A fork of [gmr/httpc-aws](https://github.com/gmr/httpc-aws) for use in building RabbitMQ plugins that interact with Amazon Web Services APIs.

[![Build Status](https://travis-ci.org/gmr/rabbitmq-aws.svg?branch=master)](https://travis-ci.org/gmr/rabbitmq-aws)

## Supported Erlang Versions

[Same as RabbitMQ](http://www.rabbitmq.com/which-erlang.html)
 
## Configuration

Configuration for *rabbitmq-aws* is can be provided in multiple ways. It is designed
to behave similarly to the [AWS Command Line Interface](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html)
with respect to providing region and configuration information. Additionally it
has two methods, ``rabbitmq_aws:set_region/1`` and ``rabbitmq_aws:set_credentials/2``
to allow for application specific configuration, bypassing the automatic configuration
behavior.

### Configuration Precedence

The configuration values have the following precedence:

 - Explicitly configured via API
 - Environment variables
 - Configuration file
 - EC2 Instance Metadata Service where applicable

### Credentials Precedence

The credentials values have the following precedence:

 - Explicitly configured via API
 - Environment variables
 - Credentials file
 - EC2 Instance Metadata Service

### EC2 Instance Metadata Service Versions

There are two versions of the EC2 Instance Metadata Service (IMDS) that are available by default on EC2 instances; IMDSv1 and IMDSv2 which is protected by session authentication
and [adds defenses against additional vulnerabilities](https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/).
AWS recommends adopting IMDSv2 and disabling IMDSv1 [by configuring the Instance Metadata Service on the EC2 instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html).

By default *rabbitmq-aws* will attempt to use IMDSv2 first and will fallback to use IMDSv1 if calls to IMDSv2 fail. This behavior can be overridden
by setting the ``aws.prefer_imdsv2`` setting to ``false``.

### Environment Variables

As with the AWS CLI, the following environment variables can be used to provide 
configuration or to impact configuration behavior:

 - ``AWS_DEFAULT_PROFILE``
 - ``AWS_DEFAULT_REGION``
 - ``AWS_CONFIG_FILE``
 - ``AWS_SHARED_CREDENTIALS_FILE``
 - ``AWS_ACCESS_KEY_ID``
 - ``AWS_SECRET_ACCESS_KEY``
 
## API Functions
 
  Method                                | Description
 ---------------------------------------|--------------------------------------------------------------------------------------------
 ``rabbitmq_aws:set_region/1``          | Manually specify the AWS region to make requests to.
 ``rabbitmq_aws:set_credentials/2``     | Manually specify the request credentials to use.
 ``rabbitmq_aws:refresh_credentials/0`` | Refresh the credentials from the environment, filesystem, or EC2 Instance Metadata Service.
 ``rabbitmq_aws:ensure_imdsv2_token_valid/0`` | Make sure EC2 IMDSv2 token is active and valid.
 ``rabbitmq_aws:api_get_request/2``           | Perform an AWS service API request.
 ``rabbitmq_aws:get/2``                 | Perform a GET request to the API specifying the service and request path.
 ``rabbitmq_aws:get/3``                 | Perform a GET request specifying the service, path, and headers.
 ``rabbitmq_aws:post/4``                | Perform a POST request specifying the service, path, headers, and body.
 ``rabbitmq_aws:request/5``             | Perform a request specifying the service, method, path, headers, and body.
 ``rabbitmq_aws:request/6``             | Perform a request specifying the service, method, path, headers, body, and ``httpc:http_options().``
 ``rabbitmq_aws:request/7``             | Perform a request specifying the service, method, path, headers, body,  ``httpc:http_options()``, and override the API endpoint. 
 

## Example Usage

The following example assumes that you either have locally configured credentials or that
you're using the EC2 Instance Metadata Service for credentials:

```erlang
application:start(rabbitmq_aws).
{ok, {Headers, Response}} = rabbitmq_aws:get("ec2","/?Action=DescribeTags&Version=2015-10-01").
```

To configure credentials, invoke ``rabbitmq_aws:set_credentials/2``:

```erlang
application:start(rabbitmq_aws).

rabbitmq_aws:set_credentials("AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"),

RequestHeaders = [{"Content-Type", "application/x-amz-json-1.0"},
                  {"X-Amz-Target", "DynamoDB_20120810.ListTables"}],
                  
{ok, {Headers, Response}} = rabbitmq_aws:post("dynamodb", "/", 
                                              "{\"Limit\": 20}",
                                              RequestHeaders).
```

## Build

```bash
make
```

## Test

```bash
make tests
```

## License

BSD 3-Clause License
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`# rabbitmq-aws`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`A fork of [gmr/httpc-aws](https://github.com/gmr/httpc-aws) for use in building RabbitMQ plugins that interact with Amazon Web Services APIs.`
Add description 2016-03-29 08:40:23 +08:00
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`[![Build Status](https://travis-ci.org/gmr/rabbitmq-aws.svg?branch=master)](https://travis-ci.org/gmr/rabbitmq-aws)`
Add badges 2016-03-31 09:44:18 +08:00
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			`## Supported Erlang Versions`

README updates 2018-10-26 06:32:29 +08:00			`[Same as RabbitMQ](http://www.rabbitmq.com/which-erlang.html)`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
			`## Configuration`

WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`Configuration for rabbitmq-aws is can be provided in multiple ways. It is designed`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			`to behave similarly to the [AWS Command Line Interface](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html)`
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`with respect to providing region and configuration information. Additionally it`
			has two methods, ``rabbitmq_aws:set_region/1`` and ``rabbitmq_aws:set_credentials/2``
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			`to allow for application specific configuration, bypassing the automatic configuration`
			`behavior.`

			`### Configuration Precedence`

Enumerate the env vars (stub) 2016-03-29 12:18:04 +08:00			`The configuration values have the following precedence:`
Initial WIP commit 2016-03-29 12:14:17 +08:00
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			`- Explicitly configured via API`
			`- Environment variables`
			`- Configuration file`
			`- EC2 Instance Metadata Service where applicable`

address review feedback 2021-04-08 09:06:54 +08:00			`### Credentials Precedence`

			`The credentials values have the following precedence:`

			`- Explicitly configured via API`
			`- Environment variables`
			`- Credentials file`
			`- EC2 Instance Metadata Service`

added section on IMDS version to the readme 2021-04-08 05:06:02 +08:00			`### EC2 Instance Metadata Service Versions`

address review feedback 2021-04-08 09:04:31 +08:00			`There are two versions of the EC2 Instance Metadata Service (IMDS) that are available by default on EC2 instances; IMDSv1 and IMDSv2 which is protected by session authentication`
			`and [adds defenses against additional vulnerabilities](https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/).`
added section on IMDS version to the readme 2021-04-08 05:06:02 +08:00			`AWS recommends adopting IMDSv2 and disabling IMDSv1 [by configuring the Instance Metadata Service on the EC2 instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html).`

			`By default rabbitmq-aws will attempt to use IMDSv2 first and will fallback to use IMDSv1 if calls to IMDSv2 fail. This behavior can be overridden`
fix a typo in a config name 2021-04-08 23:21:32 +08:00			by setting the ``aws.prefer_imdsv2`` setting to ``false``.
added section on IMDS version to the readme 2021-04-08 05:06:02 +08:00
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			`### Environment Variables`

			`As with the AWS CLI, the following environment variables can be used to provide`
			`configuration or to impact configuration behavior:`

			- ``AWS_DEFAULT_PROFILE``
			- ``AWS_DEFAULT_REGION``
			- ``AWS_CONFIG_FILE``
			- ``AWS_SHARED_CREDENTIALS_FILE``
			- ``AWS_ACCESS_KEY_ID``
			- ``AWS_SECRET_ACCESS_KEY``

Correct a typo Primarily to trigger the pipeline to sync newly pushed tags. 2018-10-26 18:24:22 +08:00			`## API Functions`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`Method \| Description`
			`---------------------------------------\|--------------------------------------------------------------------------------------------`
			``rabbitmq_aws:set_region/1`` \| Manually specify the AWS region to make requests to.
			``rabbitmq_aws:set_credentials/2`` \| Manually specify the request credentials to use.
address review feedback 2021-04-08 09:04:31 +08:00			``rabbitmq_aws:refresh_credentials/0`` \| Refresh the credentials from the environment, filesystem, or EC2 Instance Metadata Service.
address review feedback 2021-04-07 08:54:40 +08:00			``rabbitmq_aws:ensure_imdsv2_token_valid/0`` \| Make sure EC2 IMDSv2 token is active and valid.
Support rabbit_peer_discovery_aws to work with instance metadata service v2 (IMDSv2). IMDSv2 uses session-oriented requests. With session-oriented requests, a session token is retrieved first then used in subsequent GET requests for instance metadata values such as instance-id, credentials, etc. Details could be found here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html 2021-04-05 11:57:59 +08:00			``rabbitmq_aws:api_get_request/2`` \| Perform an AWS service API request.
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			``rabbitmq_aws:get/2`` \| Perform a GET request to the API specifying the service and request path.
			``rabbitmq_aws:get/3`` \| Perform a GET request specifying the service, path, and headers.
			``rabbitmq_aws:post/4`` \| Perform a POST request specifying the service, path, headers, and body.
			``rabbitmq_aws:request/5`` \| Perform a request specifying the service, method, path, headers, and body.
			``rabbitmq_aws:request/6`` \| Perform a request specifying the service, method, path, headers, body, and ``httpc:http_options().``
			``rabbitmq_aws:request/7`` \| Perform a request specifying the service, method, path, headers, body, ``httpc:http_options()``, and override the API endpoint.
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
Enumerate the env vars (stub) 2016-03-29 12:18:04 +08:00
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			`## Example Usage`

			`The following example assumes that you either have locally configured credentials or that`
added section on IMDS version to the readme 2021-04-08 05:06:02 +08:00			`you're using the EC2 Instance Metadata Service for credentials:`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
			```erlang
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`application:start(rabbitmq_aws).`
			`{ok, {Headers, Response}} = rabbitmq_aws:get("ec2","/?Action=DescribeTags&Version=2015-10-01").`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			```

WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			To configure credentials, invoke ``rabbitmq_aws:set_credentials/2``:
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
			```erlang
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`application:start(rabbitmq_aws).`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`rabbitmq_aws:set_credentials("AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"),`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
			`RequestHeaders = [{"Content-Type", "application/x-amz-json-1.0"},`
			`{"X-Amz-Target", "DynamoDB_20120810.ListTables"}],`

WIP first change after renaming all the things 2016-05-20 05:04:53 +08:00			`{ok, {Headers, Response}} = rabbitmq_aws:post("dynamodb", "/",`
			`"{\"Limit\": 20}",`
			`RequestHeaders).`
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			```

			`## Build`
Initial setup from rebar3 lib template 2016-03-29 08:39:45 +08:00
Add badges 2016-03-31 09:44:18 +08:00			```bash
README updates 2018-10-26 06:32:29 +08:00			`make`
Add badges 2016-03-31 09:44:18 +08:00			```

Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00			`## Test`
Add badges 2016-03-31 09:44:18 +08:00
			```bash
README updates 2018-10-26 06:32:29 +08:00			`make tests`
Add badges 2016-03-31 09:44:18 +08:00			```
Add minimal API documentation to the README 2016-05-20 04:19:29 +08:00
			`## License`

			`BSD 3-Clause License`