Skip to main content

A drop-in replacement for boto3.Session named RefreshableSession. It automatically refreshes temporary AWS credentials, caches clients, and natively supports MFA providers. It also supports automatic temporary AWS security credential refresh for STS, IOT Core, and custom credential callables.

Project description

boto3-refresh-session



What is boto3-refresh-session?

boto3-refresh-session is a simple Python package with a drop-in replacement for boto3.Session named RefreshableSession. It automatically refreshes temporary AWS credentials, caches clients, and supports MFA token providers. It supports automatic temporary AWS security credential refresh for STS, IOT Core, and custom credential callables. And it is thoroughly tested, regularly updated, comprehensively documentated, and published to PyPI.

boto3-refresh-session was authored by Mike Letts and is maintained by 61418.

Why it exists

Although boto3 already supports automatic temporary credential refresh via role assumption as configured in ~/.aws/config, there are scenarios and edge cases where that is insufficient. Below are just a few examples:

  • Profiles or configs are unavailable or impractical (e.g., containerized or serverless environments)
  • You need to explicitly assume roles in a program (not profiles or configs) and hand those credentials around without worrying about expiration
  • Custom credential providers are required (e.g. IOT, external ID, etc.)

boto3-refresh-session exists to fill those gaps (and others not listed) while maintaining full compatibility with boto3.

Although there are other open source tools available which address automatic temporary AWS credential refresh, boto3-refresh-session is ergonomically designed to feel like an extension of boto3 (with a few extra parameters) rather than a separate library with a completely unfamiliar API. Using boto3-refresh-session, you can initialize service clients, resources, collections, etc. from RefreshableSession exactly like you would in boto3. More, the available alternatives to boto3-refresh-session do not support the breadth of features that boto3-refresh-session does, such as client caching, MFA token provider support, or IoT Core X.509 credential refresh, among others. Even if you don't need boto3-refresh-session's core feature (automatic temporary AWS credential refresh), the client caching feature may still be useful to you; however, in that case, you may want to use boto3-client-cache directly instead.

Recognition and testimonials

boto3-refresh-session influenced the creation of the aws configure mfa-login command and introduction of the aws_session_token parameter for the aws configure command in AWS CLI (v2.30.3).

boto3-refresh-session was featured in TL;DR Sec.

boto3-refresh-session was also featured in CloudSecList.

A testimonial from an engineer who uses boto3-refresh-session at Netflix:

Most of my work is on tooling related to AWS security, so I'm pretty choosy about boto3 credentials-adjacent code. I often opt to just write this sort of thing myself so I at least know that I can reason about it. But I found boto3-refresh-session to be very clean and intuitive [...] We're using AWS Lambda to perform lots of operations across several regions in hundreds of accounts, over and over again, all day every day. And it turns out that there's a surprising amount of overhead to creating boto3 clients (mostly deserializing service definition json), so we can run MUCH more efficiently if we keep a cache of clients, all equipped with automatically refreshing sessions.

Installation

boto3-refresh-session is available on PyPI.

# with pip
pip install boto3-refresh-session

# with pip + iot as an extra
pip install boto3-refresh-session[iot]

# installation for contributors
uv sync --all-groups --extra iot

Usage

Refer to the official usage documentation for detailed guidance on how to use boto3-refresh-session.

Refer to the official API documentation for technical information about boto3-refresh-session.

Versions

Refer to the changelog for additional information on specific versions and releases.

License

Beginning v7.0.0, boto3-refresh-session is licensed under Mozilla Public License 2.0 (MPL-2.0). Earlier versions remain licensed under the MIT License.

Contributing

Refer to the contributing guidelines for additional information on contributing to boto3-refresh-session.

Special thanks

The people listed below inspired features, adopted boto3-refresh-session early, provided critical feedback, and more. Thank you for all of your support, encouragement, and guidance which make this project possible.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

boto3_refresh_session-10.0.7.tar.gz (33.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

boto3_refresh_session-10.0.7-py3-none-any.whl (53.6 kB view details)

Uploaded Python 3

File details

Details for the file boto3_refresh_session-10.0.7.tar.gz.

File metadata

  • Download URL: boto3_refresh_session-10.0.7.tar.gz
  • Upload date:
  • Size: 33.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for boto3_refresh_session-10.0.7.tar.gz
Algorithm Hash digest
SHA256 5680f3be8f3f142006e22b6433ab041572a5f946f91fff42c8cbcc217aa38247
MD5 353db1cb5335234ccc71b000a183e31a
BLAKE2b-256 60c2e2f91f9602841ade483225f2407637539066c4ba2d85b2114649f4f67dac

See more details on using hashes here.

Provenance

The following attestation bundles were made for boto3_refresh_session-10.0.7.tar.gz:

Publisher: push.yml on 61418/boto3-refresh-session

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file boto3_refresh_session-10.0.7-py3-none-any.whl.

File metadata

File hashes

Hashes for boto3_refresh_session-10.0.7-py3-none-any.whl
Algorithm Hash digest
SHA256 5bc54647ed2901c5c409a67d86ddbfb11f64f223ff5ed4fa369433dbe29f60a1
MD5 6186a98e2118d455e596205384751cf8
BLAKE2b-256 e156ec1fed4fef554054d2464456db0ff043bc0603dba4ce524ceaa40d0b70a9

See more details on using hashes here.

Provenance

The following attestation bundles were made for boto3_refresh_session-10.0.7-py3-none-any.whl:

Publisher: push.yml on 61418/boto3-refresh-session

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page