Boto3 session creator for IAM Roles Anywhere
IAM Roles Anywhere Session
This package provides an easy way to create a refreshable boto3 Session with AWS Roles Anywhere.
This package implements the algorithm described here: https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-sign-process.html.
Limitations
- Additional x509 Certificate Chain not yet supported
Install
- From PyPI
```bash
pip install iam-rolesanywhere-session
```
- From source
```bash
git clone https://github.com/awslabs/iam-roles-anywhere-session.git
cd iam-roles-anywhere-session
python3 setup.py install
```
Configuration
For this package to work, you need your certificate and private_key files in PEM format.
IAMRolesAnywhereSession takes the following arguments:
Name | Description | Type | Default value |
---|---|---|---|
profile_arn | The Amazon Resource Name (ARN) of the profile. | string | None |
role_arn | The Amazon Resource Name (ARN) of the role to assume. | string | None |
trust_anchor_arn | The Amazon Resource Name (ARN) of the trust anchor. | string | None |
certificate | The x509 certificate file, in PEM format. | path or bytes | None |
private_key | The certificate private key file, in PEM Format. | path or bytes | None |
passphrase | The passphrase used to decrypt the private key file. | string | None |
region | The name of the region where you configured IAM Roles Anywhere. | string | us-east-1 |
session_duration | The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to 3600 seconds (1 hour). | int | 3600 |
service_name | An identifier for the service, used to build the boto session. | string | rolesanywhere |
endpoint | The Roles Anywhere API endpoint to use. | string | {service_name}.{region_name}.amazonaws.com |
Usage
Example
- Minimum implementation
```python
from iam_rolesanywhere_session import IAMRolesAnywhereSession

# Build a refreshable boto3 session from the certificate and its private key.
roles_anywhere_session = IAMRolesAnywhereSession(
    profile_arn="arn:aws:rolesanywhere:eu-central-1:************:profile/a6294488-77cf-4d4a-8c5c-40b96690bbf0",
    role_arn="arn:aws:iam::************:role/IAMRolesAnywhere-01",
    trust_anchor_arn="arn:aws:rolesanywhere:eu-central-1::************::trust-anchor/4579702c-9abb-47c2-88b2-c734e0b29539",
    certificate='certificate.pem',
    private_key='privkey.pem',
    region="eu-central-1"
).get_session()

s3 = roles_anywhere_session.client("s3")
print(s3.list_buckets())
```
- Use a different region for IAM Roles Anywhere and the session.
```python
from iam_rolesanywhere_session import IAMRolesAnywhereSession

# region= on the constructor is where IAM Roles Anywhere is configured;
# region= on get_session() is the region the resulting boto3 session uses.
roles_anywhere_session = IAMRolesAnywhereSession(
    profile_arn="arn:aws:rolesanywhere:eu-central-1:************:profile/a6294488-77cf-4d4a-8c5c-40b96690bbf0",
    role_arn="arn:aws:iam::************:role/IAMRolesAnywhere-01",
    trust_anchor_arn="arn:aws:rolesanywhere:eu-central-1::************::trust-anchor/4579702c-9abb-47c2-88b2-c734e0b29539",
    certificate='certificate.pem',
    private_key='privkey.pem',
    region="eu-central-1"
).get_session(region="eu-west-1")

s3 = roles_anywhere_session.client("s3")
print(s3.list_buckets())
```
- Private Key encoded with a passphrase
```python
from iam_rolesanywhere_session import IAMRolesAnywhereSession

roles_anywhere_session = IAMRolesAnywhereSession(
    profile_arn="arn:aws:rolesanywhere:eu-central-1:************:profile/a6294488-77cf-4d4a-8c5c-40b96690bbf0",
    role_arn="arn:aws:iam::************:role/IAMRolesAnywhere-01",
    trust_anchor_arn="arn:aws:rolesanywhere:eu-central-1::************::trust-anchor/4579702c-9abb-47c2-88b2-c734e0b29539",
    certificate='certificate.pem',
    private_key='privkey.pem',
    # Placeholder value: load the real passphrase from a secret store or the
    # environment rather than hard-coding it in source.
    private_key_passphrase="my_secured_passphrase",
    region="eu-central-1"
).get_session(region="eu-west-1")

s3 = roles_anywhere_session.client("s3")
print(s3.list_buckets())
```
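A preflight check for the arguments in the table above, as an added example (not part of the package or its README): the hypothetical `preflight` helper checks ARN types and regions, the `session_duration` range, private key file permissions, and whether an encrypted PEM key comes with a passphrase. The sample ARNs and key body are constructed placeholders, and the region check assumes the profile and trust anchor live in the region passed as `region`.

```python
import os
import re
import stat

# arn:partition:service:region:account-id:resource-type/resource-id
ARN_RE = re.compile(r"^arn:(aws[\w-]*):([\w-]+):([\w-]*):(\d{12}|):([\w-]+)/(.+)$")

def parse_arn(arn):
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"malformed ARN: {arn!r}")
    return dict(zip(("partition", "service", "region", "account", "rtype", "rid"), m.groups()))

def preflight(profile_arn, role_arn, trust_anchor_arn, private_key,
              passphrase=None, region="us-east-1", session_duration=3600):
    """Return a list of problems; an empty list means the inputs look sane."""
    problems = []
    expected = {"profile_arn": (profile_arn, "rolesanywhere", "profile"),
                "trust_anchor_arn": (trust_anchor_arn, "rolesanywhere", "trust-anchor"),
                "role_arn": (role_arn, "iam", "role")}
    for name, (arn, service, rtype) in expected.items():
        try:
            parts = parse_arn(arn)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if (parts["service"], parts["rtype"]) != (service, rtype):
            problems.append(f"{name}: expected a {service} {rtype} ARN")
        elif service == "rolesanywhere" and parts["region"] != region:  # IAM role ARNs carry no region
            problems.append(f"{name}: region {parts['region']!r} is not {region!r}")
    if not 900 <= session_duration <= 3600:
        problems.append("session_duration: must be 900..3600 seconds")
    if isinstance(private_key, bytes):   # PEM passed directly as bytes
        pem = private_key
    else:                                # path: check the file mode, then read it
        if stat.S_IMODE(os.stat(private_key).st_mode) & 0o077:
            problems.append("private_key: file is accessible to group or others")
        with open(private_key, "rb") as fh:
            pem = fh.read()
    encrypted = b"BEGIN ENCRYPTED PRIVATE KEY" in pem or b"Proc-Type: 4,ENCRYPTED" in pem
    if b"PRIVATE KEY-----" not in pem:
        problems.append("private_key: no PEM private key block found")
    elif encrypted and not passphrase:
        problems.append("private_key: key is encrypted but no passphrase was given")
    return problems

if __name__ == "__main__":  # constructed sample values: placeholder account ID and key body
    base, key = "arn:aws:rolesanywhere:eu-central-1:111122223333:", b"-----BEGIN PRIVATE KEY-----\n"
    print(preflight(base + "profile/p", "arn:aws:iam::111122223333:role/r", base + "trust-anchor/t", key))
```

Run it before constructing the session and treat a non-empty list as a configuration error; the POSIX mode check applies only when `private_key` is a path.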