IAM Roles Anywhere credentials helper
Project description
Iamra
IAM Roles Anywhere credentials helper.
Iamra (ahy-em-rah) is a helper library to abstract and make obtaining temporary AWS IAM credentials easy through using AWS Identity and Access Management Roles Anywhere. Once configured in the cloud, Iamra sessions can be created, and then when credentials are needed, a single call will update the AWS credentials, that can be directly used via boto3 session or client.
Features
- Single object per session, allowing for different scoped credentials
- RSA and EC certificate / private key support
- Certificate chain support for X.509 certificated signed by an intermediate Certificate Authority
- Cached credentials within the expiration time to reduce unneeded calls to IAM Roles Anywhere, but can be force-refreshed as needed
Requirements
- Python 3.9 or later support
- Creation of a trust anchor and profile in the cloud
- Valid X.509 certificate, private key, and optionally a certificate chain file
Installation
You can install Iamra via pip from PyPI:
$ pip install iamra
Usage
Basic usage with local private key and X.509 certificate:
>>> import iamra
>>> # Create a session object
>>> iamra_session = iamra.Credentials(
region="us-east-1",
certificate_filename="client.pem",
private_key_filename="client.key",
duration=3600,
profile_arn="arn:aws:rolesanywhere:us-west-2:1234567890:profile/3d203fc0-7bba-4ec1-a6ef-697504ce1c72",
role_arn="arn:aws:iam::1234567890:role/IamRoleWithPermissionsToUse",
session_name="my_client_test_session",
trust_anchor_arn="arn:aws:rolesanywhere:us-west-2:1234567890:trust-anchor/29efd0b1-1b66-4df4-8ae7-e935716efd8e",
)
>>> # Invoke getting credentials from Roles Anywhere
>>> iamra_session.get_credentials()
>>> # Directly access credentials
>>> iamra_session.access_key_id
'ASIA5FLYQEXXXXXXZ27N'
>>> iamra_session.secret_access_key
'HhAViXXXXqIZrq/qENC4ahPqssXXXX9DEfx3mTv'
>>> iamra_session.session_token
'IQoJb3JpZ2luX2VjEMf//////////wEaCXVzLXdlc3QtMiJHMEUCIEz9JVF+nQce3rmd6OmfJAbTHNbG7RJLEEa6xECqEEbQAiEA6yd2mbe0akoO+np/EgrSA/
...
fARzrFrr0VEpiqFY42NWjFdFUhdLkPiuhsLoTYH+OnaGl92OxAho3j0='
>>> # Create a boto3 session
>>> import boto3
>>> aws_session = boto3.Session(
aws_access_key_id=iamra_session.access_key_id,
aws_secret_access_key=iamra_session.aws_secret_access_key,
aws_session_token=iamra_session.aws_session_token,
region_name="us-west-2",
)
Documentation
Here is the documentation that covers advanced usage and module reference.
Contributing
Contributions are very welcome. To learn more, see the Contributor Guide.
License
Distributed under the terms of the MIT license, Iamra is free and open source software.
Issues
If you encounter any problems, please file an issue along with a detailed description.
Credits
This project was generated from @cjolowicz's Hypermodern Python Cookiecutter template.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file iamra-0.5.0.tar.gz.
File metadata
- Download URL: iamra-0.5.0.tar.gz
- Upload date:
- Size: 14.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.11.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3c1ab79a5b6fd081cccc95359d39e997967a562d02c2ef1ad380e64cc0a128f4 |
|
| MD5 | a247ee2ec788d78337171a1e26aebfd1 |
|
| BLAKE2b-256 | 1c65d4c8a664cd8ae08b8ca42e013d688876f39dc4fdf99a468341774829d345 |
File details
Details for the file iamra-0.5.0-py3-none-any.whl.
File metadata
- Download URL: iamra-0.5.0-py3-none-any.whl
- Upload date:
- Size: 13.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.11.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | be967944fda31c6bcfcd0339bb60d36fe2855e8fa6a2c8c1455b28eb647cd86d |
|
| MD5 | 5a88b458c2ab7334f683d2695830eb07 |
|
| BLAKE2b-256 | a108aeb7c0b12346dea0f9219351e28aead48434ca38966b14b67707f3a21511 |
