From b4222908b0c38ccff0dba6df2b7197f3659b99de Mon Sep 17 00:00:00 2001
From: Diego Bardari <diego.bardari@klarna.com>
Date: Thu, 27 Jul 2023 15:55:46 +0200
Subject: [PATCH] Added option to configure AWS accountId in
 AwsS3EntityProvider

Signed-off-by: Diego Bardari <diego.bardari@klarna.com>
---
 .changeset/stale-wombats-talk.md                     |  5 +++++
 plugins/catalog-backend-module-aws/config.d.ts       | 12 ++++++++++++
 .../src/providers/AwsS3EntityProvider.ts             | 10 ++++++----
 .../src/providers/config.ts                          |  2 ++
 .../src/providers/types.ts                           |  1 +
 5 files changed, 26 insertions(+), 4 deletions(-)
 create mode 100644 .changeset/stale-wombats-talk.md

diff --git a/.changeset/stale-wombats-talk.md b/.changeset/stale-wombats-talk.md
new file mode 100644
index 0000000000..f4e0b852f8
--- /dev/null
+++ b/.changeset/stale-wombats-talk.md
@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-catalog-backend-module-aws': patch
+---
+
+Added option to configure AWS `accountId` in `AwsS3EntityProvider`
diff --git a/plugins/catalog-backend-module-aws/config.d.ts b/plugins/catalog-backend-module-aws/config.d.ts
index b3610ccfc5..6a45b6636f 100644
--- a/plugins/catalog-backend-module-aws/config.d.ts
+++ b/plugins/catalog-backend-module-aws/config.d.ts
@@ -54,6 +54,12 @@ export interface Config {
              * @see https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-region.html
              */
             region?: string;
+            /**
+             * (Optional) AWS Account id.
+             * If not set, main account is used.
+             * @see https://github.com/backstage/backstage/blob/master/packages/integration-aws-node/README.md
+             */
+            accountId?: string;
             /**
              * (Optional) TaskScheduleDefinition for the refresh.
              */
@@ -77,6 +83,12 @@ export interface Config {
                * @see https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-region.html
                */
               region?: string;
+              /**
+               * (Optional) AWS Account id.
+               * If not set, main account is used.
+               * @see https://github.com/backstage/backstage/blob/master/packages/integration-aws-node/README.md
+               */
+              accountId?: string;
               /**
                * (Optional) TaskScheduleDefinition for the refresh.
                */
diff --git a/plugins/catalog-backend-module-aws/src/providers/AwsS3EntityProvider.ts b/plugins/catalog-backend-module-aws/src/providers/AwsS3EntityProvider.ts
index 4a87a42e75..4df92b58c2 100644
--- a/plugins/catalog-backend-module-aws/src/providers/AwsS3EntityProvider.ts
+++ b/plugins/catalog-backend-module-aws/src/providers/AwsS3EntityProvider.ts
@@ -146,20 +146,22 @@ export class AwsS3EntityProvider implements EntityProvider {
   /** {@inheritdoc @backstage/plugin-catalog-backend#EntityProvider.connect} */
   async connect(connection: EntityProviderConnection): Promise<void> {
     this.connection = connection;
-    const credProvider =
-      await this.awsCredentialsManager.getCredentialProvider();
+    const { accountId, region, bucketName } = this.config;
+    const credProvider = await this.awsCredentialsManager.getCredentialProvider(
+      accountId ? { accountId } : undefined,
+    );
     this.s3 = new S3({
       apiVersion: '2006-03-01',
       credentialDefaultProvider: () => credProvider.sdkCredentialProvider,
       endpoint: this.integration.config.endpoint,
-      region: this.config.region,
+      region,
       forcePathStyle: this.integration.config.s3ForcePathStyle,
     });
 
     // https://github.com/aws/aws-sdk-js-v3/issues/4122#issuecomment-1298968804
     const endpoint = await getEndpointFromInstructions(
       {
-        Bucket: this.config.bucketName,
+        Bucket: bucketName,
       },
       ListObjectsV2Command,
       this.s3.config as unknown as Record<string, unknown>,
diff --git a/plugins/catalog-backend-module-aws/src/providers/config.ts b/plugins/catalog-backend-module-aws/src/providers/config.ts
index 5ef2729bf0..1ab52f9fd4 100644
--- a/plugins/catalog-backend-module-aws/src/providers/config.ts
+++ b/plugins/catalog-backend-module-aws/src/providers/config.ts
@@ -46,6 +46,7 @@ function readAwsS3Config(id: string, config: Config): AwsS3Config {
   const bucketName = config.getString('bucketName');
   const region = config.getOptionalString('region');
   const prefix = config.getOptionalString('prefix');
+  const accountId = config.getOptionalString('accountId');
 
   const schedule = config.has('schedule')
     ? readTaskScheduleDefinitionFromConfig(config.getConfig('schedule'))
@@ -57,5 +58,6 @@ function readAwsS3Config(id: string, config: Config): AwsS3Config {
     region,
     prefix,
     schedule,
+    accountId,
   };
 }
diff --git a/plugins/catalog-backend-module-aws/src/providers/types.ts b/plugins/catalog-backend-module-aws/src/providers/types.ts
index 204fa154c6..8e12b5f096 100644
--- a/plugins/catalog-backend-module-aws/src/providers/types.ts
+++ b/plugins/catalog-backend-module-aws/src/providers/types.ts
@@ -22,4 +22,5 @@ export type AwsS3Config = {
   prefix?: string;
   region?: string;
   schedule?: TaskScheduleDefinition;
+  accountId?: string;
 };