These are python 2 and 3 snippets showing how to generate headers to authenticate with HashiCorp's Vault using the AWS authentication method. There's also a Ruby implementation which uses version 3 of the AWS SDK for Ruby.
The python scripts look for credentials in the
default boto3 locations;
if you need to supply custom credentials (such as from an AssumeRole
call), you would use the
botocore.session.set_credentials
method before calling create_client
.
The ruby script looks for credentials from the default SDK locations.
Thanks to @copumpkin for much of the original python 2 implementation (provided privately) on which this was based.
Thanks to @stark525 for starting the python 3 port, on which the python 3 implementation is based.
Thanks @emayssat for the contribution !
The fact "that it hides how boto generates the signature" is a feature, not a bug :) I was going for simplicity and usability here, rather than trying to expose the raw code, but this is also useful for those who want to understand it more or can't use boto3/botocore for whatever reason.