Add aws_session_token argument, to enable use of temp AWS credentials (#26)

* - Add `aws_session_token` argument to program, to enable use of temporary AWS credentials

* Fix spacing

*  Whitespace should be tab

Author: mattellis

main.go

@@ -18,6 +18,7 @@ import (
 var (
 	awsAccessKeyId              = flag.String("aws_access_key_id", os.Getenv("AWS_ACCESS_KEY_ID"), "AWS access key Id with permissions to publish CloudWatch metrics")
 	awsSecretAccessKey          = flag.String("aws_secret_access_key", os.Getenv("AWS_SECRET_ACCESS_KEY"), "AWS secret access key with permissions to publish CloudWatch metrics")
+	awsSessionToken             = flag.String("aws_session_token", os.Getenv("AWS_SESSION_TOKEN"), "AWS session token with permissions to publish CloudWatch metrics")
 	cloudWatchNamespace         = flag.String("cloudwatch_namespace", os.Getenv("CLOUDWATCH_NAMESPACE"), "CloudWatch Namespace")
 	cloudWatchRegion            = flag.String("cloudwatch_region", os.Getenv("CLOUDWATCH_REGION"), "CloudWatch Region")
 	cloudWatchPublishTimeout    = flag.String("cloudwatch_publish_timeout", os.Getenv("CLOUDWATCH_PUBLISH_TIMEOUT"), "CloudWatch publish timeout in seconds")
@@ -172,6 +173,7 @@ func main() {
 		PrometheusSkipServerCertCheck: skipCertCheck,
 		AwsAccessKeyId:                *awsAccessKeyId,
 		AwsSecretAccessKey:            *awsSecretAccessKey,
+		AwsSessionToken:               *awsSessionToken,
 		AdditionalDimensions:          additionalDimensions,
 		ReplaceDimensions:             replaceDims,
 		IncludeMetrics:                includeMetricsList,

prometheus_to_cloudwatch.go

@@ -64,6 +64,9 @@ type Config struct {
 	// AWS secret access key with permissions to publish CloudWatch metrics
 	AwsSecretAccessKey string
 
+	// AWS session token with permissions to publish CloudWatch metrics
+	AwsSessionToken string
+
 	// Required. The CloudWatch namespace under which metrics should be published
 	CloudWatchNamespace string
 
@@ -174,7 +177,8 @@ func NewBridge(c *Config) (*Bridge, error) {
 	// If credentials are not provided in the variables, the chain of credential providers will search for credentials
 	// in environment variables, the shared credential file, and EC2 Instance Roles
 	if c.AwsAccessKeyId != "" && c.AwsSecretAccessKey != "" {
-		config.Credentials = credentials.NewStaticCredentials(c.AwsAccessKeyId, c.AwsSecretAccessKey, "")
+		// Utilise AWS session token if one is provided (Required for temporary AWS credentials)
+		config.Credentials = credentials.NewStaticCredentials(c.AwsAccessKeyId, c.AwsSecretAccessKey, c.AwsSessionToken)
 	}
 
 	sess, err := session.NewSession(config)