Skip to content

feat: migrate from aws-sdk-go v1 to v2#50

Merged
ian-flores merged 4 commits intomainfrom
aws-sdk-v2-migration
Feb 19, 2026
Merged

feat: migrate from aws-sdk-go v1 to v2#50
ian-flores merged 4 commits intomainfrom
aws-sdk-v2-migration

Conversation

@ian-flores
Copy link
Contributor

@ian-flores ian-flores commented Jan 26, 2026
edited
Loading

Summary

  • Migrate AWS SDK usage from deprecated aws-sdk-go (v1) to aws-sdk-go-v2
  • Replace session-based auth with config-based auth pattern
  • Update Secrets Manager client to v2 API

Test plan

  • All api/product tests pass
  • No remaining v1 references in codebase
  • Manual verification in staging environment

Closes #12

@ian-flores
feat: migrate from aws-sdk-go v1 to v2
36807ef 
Migrate AWS SDK usage from the deprecated aws-sdk-go (v1) to
aws-sdk-go-v2. This addresses issue #12.

Changes:
- Replace session-based auth with config-based auth pattern
- Update Secrets Manager client to v2 API
- Replace endpoints.UsEast2RegionID with local constant
- Remove v1 dependency entirely

Closes #12
@claude
Copy link

claude bot commented Jan 26, 2026
edited
Loading

Claude finished @ian-flores's task —— View job

Reviewing PR #50

  • Read review guidelines
  • Analyze changed files
  • Create pending review
  • Add inline comments (submitted in review body due to permissions)
  • Submit review

Review submitted with feedback on security, code quality, and one suggestion for improved nil handling.

claude[bot]
claude bot reviewed Jan 26, 2026
View reviewed changes
Copy link

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AWS SDK v2 Migration Review

Overall this is a clean migration from AWS SDK v1 to v2. The changes follow the correct v2 patterns and improve code readability.

Security (Credential Handling)

  • config.LoadDefaultConfig(ctx, ...) correctly passes context and uses the standard credential chain
  • ✅ Region configuration properly flows through GetAWSRegion()

Code Quality

api/product/secret.go

  • The flattened control flow (early returns instead of nested if-else) is easier to follow
  • Suggestion: Consider adding a nil check for valueOutput.SecretString at line 156. The v2 API can return SecretBinary instead of SecretString for binary secrets: 
    if valueOutput.SecretString == nil {
    return "", errors.New("secret returned as binary, expected string")
}

api/product/util.go

  • Using const defaultAWSRegion = "us-east-2" instead of endpoints.UsEast2RegionID is a reasonable tradeoff - removes SDK dependency while maintaining backwards compatibility

Dependencies

  • ✅ v1 SDK (github.com/aws/aws-sdk-go) and its transitive dependency (go-jmespath) properly removed
  • ✅ v2 modules appropriately scoped (only importing what's needed)

Testing

  • Test updated to use hardcoded region string instead of SDK constant - maintains test coverage

@ian-flores
Copy link
Contributor Author

ian-flores commented Feb 19, 2026
edited
Loading

Staging Verification (ganso01-staging)

Deployed adhoc image ghcr.io/posit-dev/team-operator:adhoc-aws-sdk-v2-migration-v1.11.2-5-g3aacbd6 to ganso01-staging via the clusters step and confirmed the AWS SDK v2 migration is working correctly.

Operator rolled out cleanly:

deployment "team-operator-controller-manager" successfully rolled out
image: ghcr.io/posit-dev/team-operator:adhoc-aws-sdk-v2-migration-v1.11.2-5-g3aacbd6

Secrets Manager calls succeeding: Logs confirm the operator is fetching credentials from AWS Secrets Manager using the v2 SDK without errors:

INFO  using username/password retrieved from dbCredentialSecret  {"vault_name": "arn:aws:secretsmanager:us-east-2:<account-id>:secret:rds!db-02362b14-..."}
INFO  defining site with main database connection  {"db-url": "postgres://postgres:xxxxx@..."}

Multiple controllers (site, postgresdatabase, workbench, connect) all reconciled successfully with secrets sourced from Secrets Manager. No AWS-related errors in logs.

The only errors present (alt-packagemanager image required value) are pre-existing and unrelated to this change.

@ian-flores ian-flores marked this pull request as ready for review February 19, 2026 19:56
stevenolen
stevenolen approved these changes Feb 19, 2026
View reviewed changes
Copy link
Collaborator

@stevenolen stevenolen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm!:

@ian-flores ian-flores added this pull request to the merge queue Feb 19, 2026
Merged via the queue into main with commit 55708e7 Feb 19, 2026
4 checks passed
@ian-flores ian-flores deleted the aws-sdk-v2-migration branch February 19, 2026 20:03
ian-flores pushed a commit that referenced this pull request Feb 19, 2026
@semantic-release-bot
chore(release): 1.12.0 [skip ci]
a59d1c0 
# [1.12.0](v1.11.2...v1.12.0) (2026-02-19)

### Features

* migrate from aws-sdk-go v1 to v2 ([#50](#50)) ([55708e7](55708e7))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@stevenolen stevenolen stevenolen approved these changes

@timtalbot timtalbot Awaiting requested review from timtalbot

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

team operator: aws-sdk-go is deprecated. Use aws-sdk-go-v2

2 participants

@ian-flores @stevenolen