From c6a02d802138f3c05b110907f56ff02c5215ace9 Mon Sep 17 00:00:00 2001
From: Garvin <gpang@godaddy.com>
Date: Thu, 10 Dec 2020 15:14:43 -0800
Subject: [PATCH] allow using env creds

---
 cuckoo/machinery/aws.py          | 10 +++++++---
 cuckoo/private/cwd/conf/aws.conf |  1 +
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/cuckoo/machinery/aws.py b/cuckoo/machinery/aws.py
index c4b9a31..e3f5cfd 100644
--- a/cuckoo/machinery/aws.py
+++ b/cuckoo/machinery/aws.py
@@ -43,9 +43,13 @@ def _initialize_check(self):
         self.dynamic_machines_sequence = 0
         self.dynamic_machines_count = 0
         log.info("connecting to AWS:{}".format(self.options.aws.region_name))
-        self.ec2_resource = boto3.resource(
-            "ec2", region_name=self.options.aws.region_name, aws_access_key_id=self.options.aws.aws_access_key_id,
-            aws_secret_access_key=self.options.aws.aws_secret_access_key)
+
+        if not self.options.aws.aws_access_key_id or not self.options.aws.aws_secret_access_key:
+            self.ec2_resource = boto3.resource("ec2", region_name=self.options.aws.region_name)
+        else:
+            self.ec2_resource = boto3.resource(
+                "ec2", region_name=self.options.aws.region_name, aws_access_key_id=self.options.aws.aws_access_key_id,
+                aws_secret_access_key=self.options.aws.aws_secret_access_key)
 
         # Iterate over all instances with tag that has a key of AUTOSCALE_CUCKOO
         for instance in self.ec2_resource.instances.filter(Filters=[{"Name": "instance-state-name",
diff --git a/cuckoo/private/cwd/conf/aws.conf b/cuckoo/private/cwd/conf/aws.conf
index 12e4ee8..fe4e61d 100644
--- a/cuckoo/private/cwd/conf/aws.conf
+++ b/cuckoo/private/cwd/conf/aws.conf
@@ -8,6 +8,7 @@ availability_zone = {{ aws.aws.availability_zone }}
 # Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE)
 # and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
 # To create access keys for your AWS account root user, you must use the AWS Management Console.
+# Leaving these empty will default to picking up credential information from environment or EC2 metadata
 aws_access_key_id = {{ aws.aws.aws_access_key_id }}
 aws_secret_access_key = {{ aws.aws.aws_secret_access_key }}