Revert "Revert "Remove singleton of AWSConfig. Use singleton at Credentials level""

This reverts commit dbd6977.

Author: Kai-Hsin Liu

agent/managedInstances/rolecreds/role_provider.go

@@ -11,6 +11,7 @@ package rolecreds
 
 import (
 	"fmt"
+	"sync"
 	"time"
 
 	"github.com/aws/amazon-ssm-agent/agent/ssm/rsaauth"
@@ -49,13 +50,25 @@ type managedInstancesRoleProvider struct {
 }
 
 var (
-	emptyCredential = credentials.Value{ProviderName: ProviderName}
+	emptyCredential      = credentials.Value{ProviderName: ProviderName}
+	credentialsSingleton *credentials.Credentials
+	lock                 sync.RWMutex
 )
 
-// NewCredentials returns a pointer to a new Credentials object wrapping
-// the managedInstancesRoleProvider. Takes a ConfigProvider to create a EC2Metadata client.
-// The ConfigProvider is satisfied by the session.Session type.
-func NewCredentials(options ...func(*managedInstancesRoleProvider)) *credentials.Credentials {
+// ManagedInstanceCredentialsInstance returns a singleton instance of
+// Crednetials which provides credentials of a managed instance.
+func ManagedInstanceCredentialsInstance() *credentials.Credentials {
+	lock.Lock()
+	defer lock.Unlock()
+	if credentialsSingleton == nil {
+		credentialsSingleton = newManagedInstanceCredentials()
+	}
+	return credentialsSingleton
+}
+
+// newManagedInstanceCredentials returns a pointer to a new Credentials object wrapping
+// the managedInstancesRoleProvider.
+func newManagedInstanceCredentials() *credentials.Credentials {
 	instanceID := managedInstance.InstanceID()
 	region := managedInstance.Region()
 	privateKey := managedInstance.PrivateKey()
@@ -64,10 +77,6 @@ func NewCredentials(options ...func(*managedInstancesRoleProvider)) *credentials
 		ExpiryWindow: EarlyExpiryTimeWindow,
 	}
 
-	for _, option := range options {
-		option(p)
-	}
-
 	return credentials.NewCredentials(p)
 }
 

agent/sdkutil/awsconfig.go

@@ -26,20 +26,10 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 )
 
-var config *aws.Config
-
-func init() {
-	config = getAwsConfig()
-}
-
-// AwsConfig returns the default aws.Config object while the appropriate credentials
-func AwsConfig() *aws.Config {
-	return config
-}
-
-// getAwsConfig : Default AWS config populates with default region and credentials.
-// Callers should override returned config properties with any values they want for service specific overrides.
-func getAwsConfig() (awsConfig *aws.Config) {
+// AwsConfig returns the default aws.Config object while the appropriate
+// credentials. Callers should override returned config properties with any
+// values they want for service specific overrides.
+func AwsConfig() (awsConfig *aws.Config) {
 	// create default config
 	awsConfig = &aws.Config{
 		Retryer:    newRetryer(),
@@ -54,7 +44,8 @@ func getAwsConfig() (awsConfig *aws.Config) {
 
 	// load managed credentials if applicable
 	if isManaged, err := registration.HasManagedInstancesCredentials(); isManaged && err == nil {
-		awsConfig.Credentials = rolecreds.NewCredentials()
+		awsConfig.Credentials =
+			rolecreds.ManagedInstanceCredentialsInstance()
 		return
 	}