Added option to configure AWS accountId in AwsS3EntityProvider

Signed-off-by: Diego Bardari <diego.bardari@klarna.com>

.changeset/stale-wombats-talk.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-catalog-backend-module-aws': patch
+---
+
+Added option to configure AWS `accountId` in `AwsS3EntityProvider`

plugins/catalog-backend-module-aws/config.d.ts

@@ -54,6 +54,12 @@ export interface Config {
              * @see https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-region.html
              */
             region?: string;
+            /**
+             * (Optional) AWS Account id.
+             * If not set, main account is used.
+             * @see https://github.com/backstage/backstage/blob/master/packages/integration-aws-node/README.md
+             */
+            accountId?: string;
             /**
              * (Optional) TaskScheduleDefinition for the refresh.
              */
@@ -77,6 +83,12 @@ export interface Config {
                * @see https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-region.html
                */
               region?: string;
+              /**
+               * (Optional) AWS Account id.
+               * If not set, main account is used.
+               * @see https://github.com/backstage/backstage/blob/master/packages/integration-aws-node/README.md
+               */
+              accountId?: string;
               /**
                * (Optional) TaskScheduleDefinition for the refresh.
                */

plugins/catalog-backend-module-aws/src/providers/AwsS3EntityProvider.ts

@@ -146,20 +146,22 @@ export class AwsS3EntityProvider implements EntityProvider {
   /** {@inheritdoc @backstage/plugin-catalog-backend#EntityProvider.connect} */
   async connect(connection: EntityProviderConnection): Promise<void> {
     this.connection = connection;
-    const credProvider =
-      await this.awsCredentialsManager.getCredentialProvider();
+    const { accountId, region, bucketName } = this.config;
+    const credProvider = await this.awsCredentialsManager.getCredentialProvider(
+      accountId ? { accountId } : undefined,
+    );
     this.s3 = new S3({
       apiVersion: '2006-03-01',
       credentialDefaultProvider: () => credProvider.sdkCredentialProvider,
       endpoint: this.integration.config.endpoint,
-      region: this.config.region,
+      region,
       forcePathStyle: this.integration.config.s3ForcePathStyle,
     });
 
     // https://github.com/aws/aws-sdk-js-v3/issues/4122#issuecomment-1298968804
     const endpoint = await getEndpointFromInstructions(
       {
-        Bucket: this.config.bucketName,
+        Bucket: bucketName,
       },
       ListObjectsV2Command,
       this.s3.config as unknown as Record<string, unknown>,

plugins/catalog-backend-module-aws/src/providers/config.ts

@@ -46,6 +46,7 @@ function readAwsS3Config(id: string, config: Config): AwsS3Config {
   const bucketName = config.getString('bucketName');
   const region = config.getOptionalString('region');
   const prefix = config.getOptionalString('prefix');
+  const accountId = config.getOptionalString('accountId');
 
   const schedule = config.has('schedule')
     ? readTaskScheduleDefinitionFromConfig(config.getConfig('schedule'))
@@ -57,5 +58,6 @@ function readAwsS3Config(id: string, config: Config): AwsS3Config {
     region,
     prefix,
     schedule,
+    accountId,
   };
 }

plugins/catalog-backend-module-aws/src/providers/types.ts

@@ -22,4 +22,5 @@ export type AwsS3Config = {
   prefix?: string;
   region?: string;
   schedule?: TaskScheduleDefinition;
+  accountId?: string;
 };