From ad12ee4db4250ae1151d03bb6e053813dc294d8e Mon Sep 17 00:00:00 2001
From: Eduardo Lopez
Date: Wed, 24 Apr 2019 16:30:16 -0700
Subject: [PATCH] Allow Firehose authentication using sts credentials (#2034)
---
 Gopkg.lock | 2 ++
 server/logging/firehose.go | 15 +++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/Gopkg.lock b/Gopkg.lock
index 7a7a3af3b7..7e817123f9 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -711,8 +711,10 @@
 "github.com/VividCortex/mysqlerr",
 "github.com/WatchBeam/clock",
 "github.com/aws/aws-sdk-go/aws",
+ "github.com/aws/aws-sdk-go/aws/awserr",
 "github.com/aws/aws-sdk-go/aws/credentials",
 "github.com/aws/aws-sdk-go/aws/session",
+ "github.com/aws/aws-sdk-go/service/firehose",
 "github.com/aws/aws-sdk-go/service/firehose/firehoseiface",
 "github.com/beevik/etree",
 "github.com/briandowns/spinner",
diff --git a/server/logging/firehose.go b/server/logging/firehose.go
index 968bf3e04f..22e890ec32 100644
--- a/server/logging/firehose.go
+++ b/server/logging/firehose.go
@@ -34,10 +34,17 @@ type firehoseLogWriter struct {
 }

 func NewFirehoseLogWriter(region, id, secret, stream string, logger log.Logger) (*firehoseLogWriter, error) {
- sess, err := session.NewSession(&aws.Config{
- Credentials: credentials.NewStaticCredentials(id, secret, ""),
- Region: ®ion,
- })
+ conf := &aws.Config{
+ Region: ®ion,
+ }
+
+ // Only provide static credentials if we have them
+ // otherwise use the default credentials provider chain
+ if id != "" && secret != "" {
+ conf.Credentials = credentials.NewStaticCredentials(id, secret, "")
+ }
+
+ sess, err := session.NewSession(conf)
 if err != nil {
 return nil, errors.Wrap(err, "create Firehose client")
 }
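Review bot: The new guard `if id != "" && secret != ""` in NewFirehoseLogWriter treats a half-configured pair (only the key id or only the secret set) the same as no static credentials at all. A missing or mistyped value therefore falls through silently to the default provider chain, and the writer may authenticate as whatever ambient identity the host carries (environment variables, shared credentials file, instance or task role) rather than the one the operator intended. I would fail fast before building the config: `if (id == "") != (secret == "") { return nil, errors.New("firehose: access key id and secret must be set together") }`. A single log line naming which credential source was selected (never the values) would also let operators confirm the identity in use. The function body continues past the end of the hunk, so any later handling is not visible here.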