Change AWS credential handling to use SDK default

README.md

@@ -4,7 +4,7 @@
 
 WAL-G is an archival restoration tool for Postgres. 
 
-WAL-G is the successor of WAL-E with a number of key differences. WAL-G uses LZ4 compression, multiple processors and non-exclusive base backups for Postgres. More information on the design and implementation of WAL-G can be found on the Citus Data blog post ["Introducing WAL-G: Faster Disaster Recovery for Postgres"](https://www.citusdata.com/blog/2017/08/18/introducing-wal-g-faster-restores-for-postgres/).  
+WAL-G is the successor of WAL-E with a number of key differences. WAL-G uses LZ4 compression, multiple processors and non-exclusive base backups for Postgres. More information on the design and implementation of WAL-G can be found on the Citus Data blog post ["Introducing WAL-G by Citus: Faster Disaster Recovery for Postgres"](https://www.citusdata.com/blog/2017/08/18/introducing-wal-g-faster-restores-for-postgres/).  
 
 **Table of Contents**  
 - [Installation](#installation)  
@@ -45,7 +45,7 @@ WAL-G uses [the usual PostgreSQL environment variables](https://www.postgresql.o
 
 Required if using AWS STS:
 
-* `AWS_SECURITY_TOKEN`
+* `AWS_SESSION_TOKEN`
 
 Concurrency values can be configured using:
 
@@ -151,4 +151,6 @@ This project is licensed under the Apache License, Version 2.0, but the lzo supp
 
 Acknowledgements
 ----------------
-WAL-G could not have been possible without the support of [Citus](https://www.citusdata.com/) [Data](https://github.com/citusdata). We would like to express our sincere gratitude and appreciation for having the opportunity to develop and test this project. Thank you to all who contributed to the creation of WAL-G.
+WAL-G would not have happened without the support of [Citus Data](https://www.citusdata.com/)
+
+WAL-G came into existence as a result of the collaboration between a summer engineering intern at Citus, Katie Li, and Daniel Farina, the original author of WAL-E who currently serves as a principal engineer on the Citus Cloud team. Citus Data also has an [open source extension to Postgres](https://github.com/citusdata) that distributes database queries horizontally to deliver scale and performance. 

upload.go

@@ -4,7 +4,7 @@ import (
 	"archive/tar"
 	"fmt"
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/defaults"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/s3"
 	"github.com/aws/aws-sdk-go/service/s3/s3iface"
@@ -31,12 +31,9 @@ var MAXBACKOFF = float64(32)
 // Checks that the following environment variables are set:
 // WALE_S3_PREFIX
 // AWS_REGION
-// AWS_ACCESS_KEY_ID
-// AWS_SECRET_ACCESS_KEY
-// AWS_SECURITY_TOKEN
 func checkVar(n map[string]string) error {
 	u := &UnsetEnvVarError{
-		names: make([]string, 0, 5),
+		names: make([]string, 0, 2),
 	}
 	for i, val := range n {
 		if val == "" {
@@ -59,21 +56,15 @@ func checkVar(n map[string]string) error {
 // AWS_REGION
 // AWS_ACCESS_KEY_ID
 // AWS_SECRET_ACCESS_KEY
-// AWS_SECURITY_TOKEN
 //
 // Able to configure the upload part size in the S3 uploader.
 func Configure() (*TarUploader, *Prefix, error) {
 	chk := make(map[string]string)
-
 	chk["WALE_S3_PREFIX"] = os.Getenv("WALE_S3_PREFIX")
 	chk["AWS_REGION"] = os.Getenv("AWS_REGION")
-	chk["AWS_ACCESS_KEY_ID"] = os.Getenv("AWS_ACCESS_KEY_ID")
-	chk["AWS_SECRET_ACCESS_KEY"] = os.Getenv("AWS_SECRET_ACCESS_KEY")
-	chk["AWS_SECURITY_TOKEN"] = os.Getenv("AWS_SECURITY_TOKEN")
-
-	err := checkVar(chk)
-	if err != nil {
-		return nil, nil, err
+	preErr := checkVar(chk)
+	if preErr != nil {
+		return nil, nil, preErr
 	}
 
 	u, err := url.Parse(chk["WALE_S3_PREFIX"])
@@ -90,9 +81,9 @@ func Configure() (*TarUploader, *Prefix, error) {
 		Server: aws.String(server),
 	}
 
-	config := &aws.Config{
-		Region:      aws.String(region),
-		Credentials: credentials.NewStaticCredentials(chk["AWS_ACCESS_KEY_ID"], chk["AWS_SECRET_ACCESS_KEY"], chk["AWS_SECURITY_TOKEN"]),
+	config := defaults.Get().Config
+	if _, err := config.Credentials.Get(); err != nil {
+		return nil, nil, errors.Wrapf(err, "Configure: failed to get AWS credentials; please specify AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY")
 	}
 
 	sess, err := session.NewSession(config)