From 65b33ad7e2c9bc8be0ae939f0daf6ffece500415 Mon Sep 17 00:00:00 2001 From: Loren Brindze Date: Tue, 14 Aug 2018 09:44:12 -0700 Subject: [PATCH] adding assume role to aws_sd provider --- main.go | 2 +- provider/aws_sd.go | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/main.go b/main.go index f7de4ed30..28ed43a2d 100644 --- a/main.go +++ b/main.go @@ -112,7 +112,7 @@ func main() { log.Infof("Registry \"%s\" cannot be used with AWS ServiceDiscovery. Switching to \"aws-sd\".", cfg.Registry) cfg.Registry = "aws-sd" } - p, err = provider.NewAWSSDProvider(domainFilter, cfg.AWSZoneType, cfg.DryRun) + p, err = provider.NewAWSSDProvider(domainFilter, cfg.AWSZoneType, cfg.AWSAssumeRole, cfg.DryRun) case "azure": p, err = provider.NewAzureProvider(cfg.AzureConfigFile, domainFilter, zoneIDFilter, cfg.AzureResourceGroup, cfg.DryRun) case "cloudflare": diff --git a/provider/aws_sd.go b/provider/aws_sd.go index 05cb365a5..480dfbd5a 100644 --- a/provider/aws_sd.go +++ b/provider/aws_sd.go @@ -23,6 +23,7 @@ import ( "encoding/hex" "fmt" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" sd "github.com/aws/aws-sdk-go/service/servicediscovery" @@ -69,7 +70,7 @@ type AWSSDProvider struct { } // NewAWSSDProvider initializes a new AWS Route53 Auto Naming based Provider. -func NewAWSSDProvider(domainFilter DomainFilter, namespaceType string, dryRun bool) (*AWSSDProvider, error) { +func NewAWSSDProvider(domainFilter DomainFilter, namespaceType string, assumeRole string, dryRun bool) (*AWSSDProvider, error) { config := aws.NewConfig() config = config.WithHTTPClient( 
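Review bot: The doc comment above `NewAWSSDProvider` still describes only the constructor although the signature gains `assumeRole`, so a caller cannot tell from here that the value is optional or what form it takes. From the later hunk in this file, an empty string skips role assumption and a non-empty one is passed to `stscreds.NewCredentials` as the role ARN; a line such as `// assumeRole is an optional IAM role ARN; when empty the session's own credentials are used.` would record that. The new parameter also sits next to another plain `string` (`namespaceType`), so a transposed argument at a call site compiles cleanly. Writing `namespaceType, assumeRole string` is the more idiomatic form, and a small options struct would rule the mix-up out. The function body continues outside this hunk.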
@@ -88,6 +89,12 @@ func NewAWSSDProvider(domainFilter DomainFilter, namespaceType string, dryRun bo if err != nil { return nil, err } + + if assumeRole != "" { + log.Infof("Assuming role: %s", assumeRole) + sess.Config.WithCredentials(stscreds.NewCredentials(sess, assumeRole)) + } + sess.Handlers.Build.PushBack(request.MakeAddToUserAgentHandler("ExternalDNS", externaldns.Version)) provider := &AWSSDProvider{
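Review bot: The role is not assumed at the point where `Assuming role` is logged, because `stscreds.NewCredentials` only builds a lazy provider. A mistyped ARN or a denied `sts:AssumeRole` therefore surfaces on the first service-discovery request rather than as an error from `NewAWSSDProvider`. Forcing one retrieval right after `WithCredentials`, e.g. `if _, err := sess.Config.Credentials.Get(); err != nil { return nil, err }`, would make the constructor fail fast and keep the log line truthful. The call also passes no options, so the role session name is left for the SDK to generate. Setting `RoleSessionName` on the `stscreds.AssumeRoleProvider` through the variadic option func would make this controller's activity easy to attribute in CloudTrail. The enclosing function starts and ends outside this hunk.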