From 6e27f54545e27c305f27751ec0719e3b7f0bbced Mon Sep 17 00:00:00 2001 From: Todor Genov Date: Mon, 26 Mar 2018 14:43:56 +0200 Subject: [PATCH] Use botocore's credential auto-discovery if AWS creds are not explicitly defined in config (#707) --- cowrie.cfg.dist | 4 +++- cowrie/output/s3.py | 17 +++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/cowrie.cfg.dist b/cowrie.cfg.dist index ebd5ce31..d89529bb 100644 --- a/cowrie.cfg.dist +++ b/cowrie.cfg.dist @@ -531,7 +531,9 @@ logfile = log/cowrie.json # #[output_s3] # -# The AWS credentials to use +# The AWS credentials to use. +# Leave these blank to use botocore's credential discovery e.g .aws/config or ENV variables. +# As per https://github.com/boto/botocore/blob/develop/botocore/credentials.py#L50-L65 #access_key_id = AKIDEXAMPLE #secret_access_key = wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY # diff --git a/cowrie/output/s3.py b/cowrie/output/s3.py index 0e03aa96..af519b7b 100644 --- a/cowrie/output/s3.py +++ b/cowrie/output/s3.py @@ -7,6 +7,8 @@ from __future__ import division, absolute_import import os from twisted.internet import defer, threads +from twisted.python import log + from botocore.session import get_session from botocore.exceptions import ClientError @@ -14,6 +16,7 @@ from botocore.exceptions import ClientError import cowrie.core.output from cowrie.core.config import CONFIG +from configparser import NoOptionError @@ -23,10 +26,16 @@ class Output(cowrie.core.output.Output): self.seen = set() self.session = get_session() - self.session.set_credentials( - CONFIG.get("output_s3", "access_key_id"), - CONFIG.get("output_s3", "secret_access_key"), - ) + + try: + if CONFIG.get("output_s3", "access_key_id") and CONFIG.get("output_s3", "secret_access_key"): + self.session.set_credentials( + CONFIG.get("output_s3", "access_key_id"), + CONFIG.get("output_s3", "secret_access_key"), + ) + except NoOptionError: + log.msg("No AWS credentials found in config - using botocore global settings.") + self.client = self.session.create_client( 's3', region_name=CONFIG.get("output_s3", "region"),