| # Copyright 2022 Ben Kehoe | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"). You | |
| # may not use this file except in compliance with the License. A copy of | |
| # the License is located at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # or in the "license" file accompanying this file. This file is | |
| # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF |
Lots of people use aws s3 ls to check that they have valid credentials.
If it succeeds, they assume they are good to go.
Even AWS blog tutorials often use it.
They're all wrong.
There's multiple things wrong with using aws s3 ls to check credential validity.
The first is that it has an IAM permission, s3:ListAllMyBuckets, associated with it.
Spurred by this twitter conversation.
random.SystemRandom uses os.urandom as a source of bytes, but doesn't provide a way to use a different source of bytes.
So stream_random.py is exactly that.
Then kms_random.py has raw and buffered bytestreams pulling from KMS.GenerateRandom.
The main interface is kms_random.get_kms_random(boto3_session, buffer_size=None). The default buffer size is 16, chosen arbitrarily.
I do not vouch for the randomness properties of the results.
| #!/usr/bin/env python3.11 | |
| # MIT No Attribution | |
| # | |
| # Copyright 2023 Ben Kehoe | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of this | |
| # software and associated documentation files (the "Software"), to deal in the Software | |
| # without restriction, including without limitation the rights to use, copy, modify, | |
| # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to |