refactor AWSSecretsManager to check region configuration after loading SDK config

lukaszcl · lukaszcl · commit 017c942dc589 · 2025-01-09T14:12:18.000+01:00
diff --git a/book/src/lib/client/aws_secrets_manager.md b/book/src/lib/client/aws_secrets_manager.md
@@ -10,11 +10,10 @@ Creating a new instance is straight-forward. You should either use environment v
 > [!NOTE]
 > Environment variables take precedence over shared credentials.
 
-## Using environment variables
-You can pass required configuration as following environment variables:
-* `AWS_ACCESS_KEY_ID`
-* `AWS_SECRET_ACCESS_KEY`
-* `AWS_REGION`
+Once you have an instance of AWS Secrets Manager you gain access to following functions:
+* `CreateSecret(key string, val string, override bool) error`
+* `GetSecret(key string) (AWSSecret, error)`
+* `RemoveSecret(key string, noRecovery bool) error`
 
 ## Using shared credentials
 If you have shared credentials stored in `.aws/credentials` file, then the easiest way to configure the client is by setting
@@ -23,11 +22,11 @@ If you have shared credentials stored in `.aws/credentials` file, then the easie
 > [!WARNING]
 > Remember, that most probably you will need to manually create a new session for that profile before running your application.
 
-
 > [!NOTE]
 > You can read more about configuring the AWS SDK [here](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html).
 
-Once you have an instance of AWS Secrets Manager you gain access to following functions:
-* `CreateSecret(key string, val string, override bool) error`
-* `GetSecret(key string) (AWSSecret, error)`
-* `RemoveSecret(key string, noRecovery bool) error`
+## Using environment variables
+You can pass required configuration as following environment variables:
+* `AWS_ACCESS_KEY_ID`
+* `AWS_SECRET_ACCESS_KEY`
+* `AWS_REGION`
diff --git a/framework/secretsmanager.go b/framework/secretsmanager.go
@@ -66,14 +66,16 @@ type AWSSecretsManager struct {
 // NewAWSSecretsManager create a new connection to AWS Secrets Manager
 func NewAWSSecretsManager(requestTimeout time.Duration) (*AWSSecretsManager, error) {
 	cfg, err := config.LoadDefaultConfig(context.TODO())
-	region := os.Getenv("AWS_REGION")
-	if region == "" {
-		return nil, fmt.Errorf("region is required for AWSSecretsManager, use env variable: export AWS_REGION=...: %w", err)
-	}
-	cfg.Region = region
 	if err != nil {
 		return nil, fmt.Errorf("unable to load AWS SDK config, %v", err)
 	}
+	if cfg.Region == "" {
+		region := os.Getenv("AWS_REGION")
+		if region == "" {
+			return nil, fmt.Errorf("region is required for AWSSecretsManager, use env variable: export AWS_REGION")
+		}
+		cfg.Region = region
+	}
 	l := log.Logger.With().Str("Component", "AWSSecretsManager").Logger()
 	l.Info().Msg("Connecting to AWS Secrets Manager")
 	return &AWSSecretsManager{
