adding chained aws credentials support

Allows you to run inside AWS and resolve credentials in order

1. static credentials (access keys from ELASTIC_CONNECTION_INFO)
2. EC2 role credentials

Other methods of resolution (Shared and Environment) have been omitted as static credentials are sent from the rails app or they will be resolved from the ec2 instance profile.

elastic/client.go

@@ -7,7 +7,11 @@ import (
 	"os"
 	"strings"
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/aws/signer/v4"
 	"github.com/deoxxa/aws_signing_client"
 	"gopkg.in/olivere/elastic.v5"
@@ -59,7 +63,10 @@ func NewClient(config *Config) (*Client, error) {
 	// AWS settings have to come first or they override custom URL, etc
 	if config.AWS {
-		credentials := credentials.NewStaticCredentials(config.AccessKey, config.SecretKey, "")
+		aws_config := &aws.Config{
+			Region: aws.String(config.Region),
+		}
+		credentials := ResolveAWSCredentials(config, aws_config)
 		signer := v4.NewSigner(credentials)
 		awsClient, err := aws_signing_client.New(signer, &http.Client{}, "es", config.Region)
 		if err != nil {
@@ -101,6 +108,37 @@ func NewClient(config *Config) (*Client, error) {
 	}, nil
 }
+// ResolveAWSCredentials returns Credentials object
+//
+// Order of resolution
+// 1.  Environment Variable - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
+// 2.  Static Credentials - As configured in Indexer config
+// 3.  Shared Credentials - Defaults to looking in $HOME/.aws/credentials.
+//			Optionally specify the profile name and credentials file location in Indexer config
+// 4.  EC2 Instance Role Credentials
+func ResolveAWSCredentials(config *Config, aws_config *aws.Config) *credentials.Credentials {
+	sess := session.Must(session.NewSession(aws_config))
+	creds := credentials.NewChainCredentials(
+		[]credentials.Provider{
+			&credentials.EnvProvider{},
+			&credentials.StaticProvider{
+				Value: credentials.Value{
+					AccessKeyID:     config.AccessKey,
+					SecretAccessKey: config.SecretKey,
+				},
+			},
+			&credentials.SharedCredentialsProvider{
+				Profile:  config.Profile,
+				Filename: config.CredentialsFile,
+			},
+			&ec2rolecreds.EC2RoleProvider{
+				Client: ec2metadata.New(sess),
+			},
+		},
+	)
+	return creds
+}
+
 func (c *Client) ParentID() string {
 	return c.ProjectID
 }