Skip to main content

Easily create boto3/aioboto3 assume role sessions with automatic credential refreshing.

Project description

boto3-assume

boto3-assume has one simple goal. Easily create boto3/aioboto3 assume role sessions with automatic credential refreshing.

Installation

Install with pip:

$ pip install boto3-assume

NOTE - It currently doesn't come with boto3 or aioboto3 , so you need install to one or both as needed.

Tutorial

There are only 2 functions assume_role_session and assume_role_aio_session

For boto3:

import boto3
from boto3_assume import assume_role_session

assume_session = assume_role_session(
    source_session=boto3.Session(), # You must pass in a boto3 session that automatically refreshes!
    RoleArn="arn:aws:iam::123412341234:role/my_role",
    RoleSessionName="my-role-session"
)

# Create clients, and their credentials will auto-refresh when expired!
sts_client = assume_session.client("sts", region_name="us-east-1")
print(sts_client.get_caller_identity())
# {
#     "UserId": "EXAMPLEID", 
#     "Account": "123412341234", 
#     "Arn": "arn:aws:sts::123412341234:role/my_role", 
#     "ResponseMetadata": {
#         "RequestId": "asdfqwfqwfasdfasdfasfsdf", 
#         "HTTPStatusCode": 200, 
#         "HTTPHeaders": {
#             "server": "amazon.com", 
#             "date": "Tue, 27 Jun 2023 00:00:00 GMT"
#         }, 
#         "RetryAttempts": 0
#     }
# }

For aioboto3:

import asyncio

import aioboto3
from boto3_assume import assume_role_aio_session

# since this uses "Deferred" credentials you don't need to call this within a coroutine or context manager
assume_session = assume_role_session(
    source_session=aioboto3.Session(), # You must pass in an aioboto3 session that automatically refreshes!
    RoleArn="arn:aws:iam::123412341234:role/my_role",
    RoleSessionName="my-role-session"
)

async def main():
    # Create clients, and their credentials will auto-refresh when expired!
    async with assume_session.client("sts", region_name="us-east-1") as sts_client:
        print(await sts_client.get_caller_identity())
        # {
        #     "UserId": "EXAMPLEID", 
        #     "Account": "123412341234", 
        #     "Arn": "arn:aws:sts::123412341234:role/my_role", 
        #     "ResponseMetadata": {
        #         "RequestId": "asdfqwfqwfasdfasdfasfsdf", 
        #         "HTTPStatusCode": 200, 
        #         "HTTPHeaders": {
        #             "server": "amazon.com", 
        #             "date": "Tue, 27 Jun 2023 00:00:00 GMT"
        #         }, 
        #         "RetryAttempts": 0
        #     }
        # }

asyncio.run(main())

Under the hood a boto3/aioboto3 sts client will be created and assume_role called to get/refresh credentials.

If you want you can also specify extra kwargs for the sts client, and for the assume_role call.

NOTE: The "sts" service is already specified for the client. RoleArn and RoleSessionName are used in the assume role call.

import boto3
from boto3_assume import assume_role_session
from botocore.config import Config

assume_session = assume_role_session(
    source_session=boto3.Session(), # You must pass in a boto3 session that automatically refreshes!
    RoleArn="arn:aws:iam::123412341234:role/my_role",
    RoleSessionName="my-role-session",
    sts_client_kwargs={
        "region_name": "us-east-1",
        "config": Config(
            retries={
                "total_max_attempts": 10,
                "mode": "adaptive"
            }
        )
    },
    assume_role_kwargs={
        "DurationSeconds": 900
    }
)

Development

Install the package in editable mode with dev dependencies.

(venv) $ pip install -e .[dev,all]

nox is used to manage various dev functions. Start with

(venv) $ nox --help

pyenv is used to manage python versions. To run the nox tests for applicable python version you will first need to install them. In the root project dir run:

(venv) $ pyenv install

Changelog

Changelog for boto3-assume. All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.1.2] - 2024-05-18

Removed

- `boto3` and `aioboto3` package extras.  They didn't work and weren't documented correctly. 

Fixed

- `datetime.datetime.utcnow()` deprecation in tests for python 3.12

[0.1.1] - 2023-06-28

Fixed

- Formatting for Changelog, README

[0.1.0] - 2023-06-28

Initial Release.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

boto3_assume-0.1.2.tar.gz (10.6 kB view details)

Uploaded Source

Built Distribution

boto3_assume-0.1.2-py3-none-any.whl (10.4 kB view details)

Uploaded Python 3

File details

Details for the file boto3_assume-0.1.2.tar.gz.

File metadata

  • Download URL: boto3_assume-0.1.2.tar.gz
  • Upload date:
  • Size: 10.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.8.18

File hashes

Hashes for boto3_assume-0.1.2.tar.gz
Algorithm Hash digest
SHA256 314cdc6e4913fa80849870b72596a2b8dd3139d56590d8c20c7e2684a65e7456
MD5 8e7abae80ab072fb808a3fded760ed40
BLAKE2b-256 f6c9bb3790c1722e897a3e7683e72a01d7b3a38bfa3ea35a3b899a4c201949a4

See more details on using hashes here.

File details

Details for the file boto3_assume-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: boto3_assume-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 10.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.8.18

File hashes

Hashes for boto3_assume-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 e62eb52df0eb81046565a17304a6f8d566ec03572199c9b83a4e78c1acafb307
MD5 eee04c666bf466fa5f7397c0dff5af29
BLAKE2b-256 70ee8bbe0c34732cffab6ef4a8faa849fc871628663fdfd0b0f88da5df1b2b60

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page