A drop-in replacement for boto3.Session named RefreshableSession. It automatically refreshes temporary AWS credentials, caches clients, and natively supports MFA providers. It also supports automatic temporary AWS security credential refresh for STS, IOT Core, and custom credential callables.
Project description
What is boto3-refresh-session?
boto3-refresh-session is a simple Python package with a drop-in replacement for boto3.Session named RefreshableSession. It automatically refreshes temporary AWS credentials, caches clients, and supports MFA token providers. It supports automatic temporary AWS security credential refresh for STS, IOT Core, and custom credential callables. And it is thoroughly tested, regularly updated, comprehensively documentated, and published to PyPI.
boto3-refresh-session was authored by Mike Letts and is maintained by 61418.
Why it exists
Although boto3 already supports automatic temporary credential refresh via role assumption as configured in ~/.aws/config, there are
scenarios and edge cases where that is insufficient. Below are just a few examples:
- Profiles or configs are unavailable or impractical (e.g., containerized or serverless environments)
- You need to explicitly assume roles in a program (not profiles or configs) and hand those credentials around without worrying about expiration
- Custom credential providers are required (e.g. IOT, external ID, etc.)
boto3-refresh-session exists to fill those gaps (and others not listed) while maintaining full compatibility with boto3.
Although there are other open source tools available which address automatic temporary AWS credential refresh, boto3-refresh-session is ergonomically designed to feel like an extension of boto3 (with a few extra parameters) rather than a separate library with a completely unfamiliar API. Using boto3-refresh-session, you can initialize service clients, resources, collections, etc. from RefreshableSession exactly like you would in boto3. More, the available alternatives to boto3-refresh-session do not support the breadth of features that boto3-refresh-session does, such as client caching, MFA token provider support, or IoT Core X.509 credential refresh, among others. Even if you don't need boto3-refresh-session's core feature (automatic temporary AWS credential refresh), the client caching feature may still be useful to you; however, in that case, you may want to use boto3-client-cache directly instead.
Recognition and testimonials
boto3-refresh-session influenced the creation of the aws configure mfa-login command and introduction of the aws_session_token parameter for the aws configure command in AWS CLI (v2.30.3).
boto3-refresh-session was featured in TL;DR Sec.
boto3-refresh-session was also featured in CloudSecList.
A testimonial from an engineer who uses boto3-refresh-session at Netflix:
Most of my work is on tooling related to AWS security, so I'm pretty choosy about boto3 credentials-adjacent code. I often opt to just write this sort of thing myself so I at least know that I can reason about it. But I found boto3-refresh-session to be very clean and intuitive [...] We're using AWS Lambda to perform lots of operations across several regions in hundreds of accounts, over and over again, all day every day. And it turns out that there's a surprising amount of overhead to creating boto3 clients (mostly deserializing service definition json), so we can run MUCH more efficiently if we keep a cache of clients, all equipped with automatically refreshing sessions.
Installation
boto3-refresh-session is available on PyPI.
# with pip
pip install boto3-refresh-session
# with pip + iot as an extra
pip install boto3-refresh-session[iot]
# installation for contributors
uv sync --all-groups --extra iot
Usage
Refer to the official usage documentation for detailed guidance on how to use boto3-refresh-session.
Refer to the official API documentation for technical information about boto3-refresh-session.
Versions
Refer to the changelog for additional information on specific versions and releases.
License
Beginning v7.0.0, boto3-refresh-session is licensed under Mozilla Public License 2.0 (MPL-2.0). Earlier versions remain licensed under the MIT License.
Contributing
Refer to the contributing guidelines for additional information on contributing to boto3-refresh-session.
Special Thanks
The people listed below inspired features, adopted boto3-refresh-session early, provided critical feedback, and more. Thank you for all of your support, encouragement, and guidance which make this project possible.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file boto3_refresh_session-10.0.6.tar.gz.
File metadata
- Download URL: boto3_refresh_session-10.0.6.tar.gz
- Upload date:
- Size: 33.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f829392460370a622405e4f0dfa1b7889cd766f8ec87837a1e57822402125e57
|
|
| MD5 |
0d06c4cbd73b87230e29cf90f139bc79
|
|
| BLAKE2b-256 |
943d7d9504952a31457d62cf02f1cf066ad42a148bd2a1b072a29a19849f573b
|
Provenance
The following attestation bundles were made for boto3_refresh_session-10.0.6.tar.gz:
Publisher:
push.yml on 61418/boto3-refresh-session
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
boto3_refresh_session-10.0.6.tar.gz -
Subject digest:
f829392460370a622405e4f0dfa1b7889cd766f8ec87837a1e57822402125e57 - Sigstore transparency entry: 1286846279
- Sigstore integration time:
-
Permalink:
61418/boto3-refresh-session@40d54aa72968894c54eadcf33e4b286d6098bb65 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/61418
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
push.yml@40d54aa72968894c54eadcf33e4b286d6098bb65 -
Trigger Event:
push
-
Statement type:
File details
Details for the file boto3_refresh_session-10.0.6-py3-none-any.whl.
File metadata
- Download URL: boto3_refresh_session-10.0.6-py3-none-any.whl
- Upload date:
- Size: 53.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f58deb30fed37349871670e7bdaf36c43662b7550628f2b81714787a86e3849d
|
|
| MD5 |
d21b525118cca1bddbf1b6a9e5b57c5e
|
|
| BLAKE2b-256 |
ba72876f6e7f7c5a133baaddb60381f07a910692c6bfea02bf4232ab6aafc61a
|
Provenance
The following attestation bundles were made for boto3_refresh_session-10.0.6-py3-none-any.whl:
Publisher:
push.yml on 61418/boto3-refresh-session
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
boto3_refresh_session-10.0.6-py3-none-any.whl -
Subject digest:
f58deb30fed37349871670e7bdaf36c43662b7550628f2b81714787a86e3849d - Sigstore transparency entry: 1286846406
- Sigstore integration time:
-
Permalink:
61418/boto3-refresh-session@40d54aa72968894c54eadcf33e4b286d6098bb65 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/61418
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
push.yml@40d54aa72968894c54eadcf33e4b286d6098bb65 -
Trigger Event:
push
-
Statement type:
