coreos / aws-auth-proxy Goto Github PK

It can read indices, but for some reason it can not delete them:

2016-02-12 09:55:43,723 ERROR Got a 403 response from Elasticsearch. Error message: {"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'DELETE\n/logstash-2016.02.06%2Clogstash-2016.02.07%2Clogstash-2016.02.08%2Clogstash-2016.02.09%2Clogstash-2016.02.10%2Clogstash-2016.02.11\nmaster_timeout=30000\nhost:search-xontom-staging-xs2f3kyrtp43ivx4fr26ke3rgi.eu-west-1.es.amazonaws.com\nx-amz-date:20160212T095543Z\n\nhost;x-amz-date\ne3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20160212T095543Z\n20160212/eu-west-1/es/aws4_request\ncd0341526ff24d686ea0bc93e0fd66d985e9e861f6aa96551ad7b2ab02758bd5'\n"}

i found this tool while searching for a proxy to sign aws api requests coming from applications which do not support temporary aws access keys, i.e. not access key + secret key pair, but access + secret + session key triplet.

i see it already uses some module which looks like aws go sdk.
would it be feasible to support --profile option and utizile aws sdk built-in logic to get the appropriative key pair / key triplet from default credentials file (aka. shared credentials file) according to the given profile name?

or just support --session-token for let aws sign with the temporary key triplet?

thanks for consideration.