From cd1ebb8049ac45384e79af3ddb7101a789a1353b Mon Sep 17 00:00:00 2001
From: Robert Clark <rbclarkdev@gmail.com>
Date: Mon, 25 Sep 2023 13:54:28 -0400
Subject: [PATCH] Allow passing a roleArn and externalId when using ENV

---
 src/services/index.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/services/index.ts b/src/services/index.ts
index c3620655..cf49fc89 100644
--- a/src/services/index.ts
+++ b/src/services/index.ts
@@ -430,6 +430,16 @@ export default class Provider extends CloudGraph.Client {
       }
       if (usingEnvCreds) {
         this.logger.success('Using credentials set by ENV variables')
+        if(role) {
+          this.logger.success(`roleARN: ${chalk.underline.green(
+            obfuscateSensitiveString(role)
+          )}`)
+        }
+        if(externalId) {
+          this.logger.success(`externalId: ${chalk.underline.green(
+            obfuscateSensitiveString(externalId)
+          )}`)
+        }
       } else {
         this.logger.success('Found and using the following AWS credentials')
         this.logger.success(
@@ -702,7 +712,7 @@ export default class Provider extends CloudGraph.Client {
     // If the user has passed aws creds as env variables, dont use profile list
     if (usingEnvCreds) {
       rawData = await this.getRawData(
-        { profile: 'default', roleArn: undefined, externalId: undefined },
+        { profile: 'default', roleArn: process.env.AWS_ROLE_ARN, externalId: process.env.AWS_ROLE_EXTERNAL_ID },
         opts
       )
     } else {