amazon web services - How to assume role with the new AWS GO SDK-V2 for cross account access

Question

Following the GO SDK-v2 RC last Dec.24th, I have no idea how to create a config to assume a role in a different aws account. I couldn't find any doc or example and tried with the 'config.WithAssumeRoleCredentialsOptions' or with the 'stscreds.NewAssumeRoleProvider' without any result. Does anyone have an example or pointers for this?

Answer 1

Here's the way to do it:

ctx := context.TODO()
        cfg, err := config.LoadDefaultConfig(ctx,
            config.WithRegion("us-east-1"),
            //config.WithClientLogMode(aws.LogSigning),
        )
        if err != nil {
            log.Fatal(err)
        }
        stsClient := sts.NewFromConfig(cfg)
        provider := stscreds.NewAssumeRoleProvider(stsClient, roleARN)
        cfg.Credentials = aws.NewCredentialsCache(provider)
// without the following, I'm getting an error message: api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided.
    creds, err := cfg.Credentials.Retrieve(context.Background())
    if err != nil {
        log.Fatal(err)
    }