AWS plugins for Imbi (IAM Identity Center, SSM, CloudWatch Logs)

Navigation

Verified details

These details have been verified by PyPI
Owner

Unverified details

These details have not been verified by PyPI
Meta
  • License: BSD-3-Clause
  • Author: Gavin M. Roy
  • Requires: Python >=3.14
Classifiers
Report project as malware

Reason this release was yanked:

Mistagged version

Project description

imbi-plugin-aws

AWS provider for the Imbi project logs and configuration tabs.

Plugins shipped

This package ships (or will ship) three entry points from one distribution:

Slug Type Status
aws-iam-ic identity ✅ shipped
aws-ssm configuration planned
aws-cloudwatch-logs logs planned

The identity plugin federates each Imbi user into AWS via IAM Identity Center (formerly AWS SSO) and mints short-lived STS credentials per call. The data plugins (when shipped) consume those credentials transparently — see the contract below.

Identity consumption contract for the data plugins

When a project's (:Project)-[:USES_PLUGIN]->(:Plugin) edge or project-type fallback names this package's aws-iam-ic plugin via the identity_plugin_id edge property, the host-side hydrate_identity() helper runs aws-iam-ic.materialize() before calling the data plugin's handler. materialize() calls GetRoleCredentials against the IAM IC Portal API and returns short-lived STS keys in IdentityCredentials.extra:

IdentityCredentials(
    access_token=<unchanged IAM IC token>,
    extra={
        'aws_access_key_id':     'AKIA...',
        'aws_secret_access_key': '...',
        'aws_session_token':     '...',
        'aws_region':            'us-east-1',
        'aws_account_id':        '111111111111',
    },
)

The host attaches this to PluginContext.identity and the data plugins read it from there. Concretely, when aws-ssm (or aws-cloudwatch-logs) is invoked:

async def list_keys(self, ctx, credentials):
    if ctx.identity is not None:
        # IAM IC path: credentials dict is empty (no operator-supplied
        # static keys); read STS from ctx.identity.extra.
        aws_creds = ctx.identity.extra
    else:
        # Static-key path: ServiceApplication.plugin_credentials carries
        # access_key_id / secret_access_key / session_token.
        aws_creds = credentials
    session = aiobotocore.session.get_session()
    client = session.create_client(
        'ssm',
        region_name=aws_creds['aws_region'],
        aws_access_key_id=aws_creds['aws_access_key_id'],
        aws_secret_access_key=aws_creds['aws_secret_access_key'],
        aws_session_token=aws_creds.get('aws_session_token'),
    )
    ...

The data plugin doesn't know whether the caller is federated (via aws-iam-ic) or running as a service principal (legacy ServiceApplication.plugin_credentials). Same five well-known keys, sourced differently.

requires_identity=true on a future logs/configuration manifest would make the federated path mandatory; today both plugins fall back to the service-principal credentials when no ctx.identity is set.

License

BSD-3-Clause.

Project details

Verified details

These details have been verified by PyPI
Owner

Unverified details

These details have not been verified by PyPI
Meta
  • License: BSD-3-Clause
  • Author: Gavin M. Roy
  • Requires: Python >=3.14
Classifiers

Release history Release notifications | RSS feed

1.0.0

This version

0.1.0 yanked

Reason this release was yanked:

Mistagged version

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

imbi_plugin_aws-0.1.0.tar.gz (152.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

imbi_plugin_aws-0.1.0-py3-none-any.whl (36.7 kB view details)

Uploaded Python 3

File details

Details for the file imbi_plugin_aws-0.1.0.tar.gz.

File metadata

  • Download URL: imbi_plugin_aws-0.1.0.tar.gz
  • Upload date:
  • Size: 152.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for imbi_plugin_aws-0.1.0.tar.gz
Algorithm Hash digest
SHA256 638eb4132410ffa48cf9434cae0673e0cbb948790e0e1f1af0a62a4f41efed68
MD5 1113e4eff3d16ee7d118d6d3c1cd35ed
BLAKE2b-256 cb5df9ac5b997ee974c72c88cbd8cbda019bb0c97a243996da77035058e46846

See more details on using hashes here.

Provenance

The following attestation bundles were made for imbi_plugin_aws-0.1.0.tar.gz:

Publisher: publish.yml on AWeber-Imbi/imbi-plugin-aws

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file imbi_plugin_aws-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: imbi_plugin_aws-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 36.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for imbi_plugin_aws-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1f9ede1c26272b395d3d26b63fd4c074703dc0625ade754abcea3fd5ef8fdb4b
MD5 e707695fb5425fcf99b2be0f489de6cf
BLAKE2b-256 d6023bd152b3c853f7cb193d7719c82b8a2960fa30f9757a45b480ce52188287

See more details on using hashes here.

Provenance

The following attestation bundles were made for imbi_plugin_aws-0.1.0-py3-none-any.whl:

Publisher: publish.yml on AWeber-Imbi/imbi-plugin-aws

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page