I'm learning to write microservices in Go and I have created an API endpoint using Gin. My use case is that this endpoint receives an AWS role and then assumes it to access some AWS resource. I found out that Gin handles each incoming reqeust in a different go routine and my concern is if this role assumption would work parallely.
I found the following example on how to assume a role on Stackoverflow:
stsClient := sts.NewFromConfig(cfg)
provider := stscreds.NewAssumeRoleProvider(stsClient, roleARN)
cfg.Credentials = aws.NewCredentialsCache(provider)
I'm currently loading aws.Config into a variable, cfg, at the start of the microservice in the main package and I could pass it to the service layer to share it. My questions are:
- Does every request need to load aws config? I'm concerned about the following line that will change the config credential for each request and leave it in the modified state which might cause issues if
cfgis passed to API response logic.
cfg.Credentials = aws.NewCredentialsCache(provider)
- Is the role assumption operation thread safe?
Any guidance is appreciated.
TIA