@ran-isenberg
ran-isenberg / assume_role_trust_2.yaml
Created April 27, 2024 12:36
assume_role_trust_2.yaml
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::390096245597:role/roleserviceA"
]
@ran-isenberg
ran-isenberg / assume_role_sns_publish.py
Created April 27, 2024 08:53
assume_role_sns_publish.py
import boto3
# Exchange the caller's identity for short-lived credentials of the target role.
# The STS client is built without explicit keys, so boto3 signs the call with
# whatever identity its default credential chain resolves; the role's trust
# policy must allow that identity or the call is denied.
sts_client = boto3.client('sts')
response = sts_client.assume_role(
# Placeholder ARN (example account id and role name); replace with the real role.
RoleArn='arn:aws:iam::123456789012:role/YourRole',
# The session name becomes part of the assumed-role identity that shows up in
# CloudTrail, so a value identifying the calling service helps later auditing.
RoleSessionName='mysession',
)
# "Credentials" carries AccessKeyId, SecretAccessKey, SessionToken and Expiration.
# Treat the whole dict as a secret: do not log it or write it to disk.
temp_credentials = response["Credentials"]
sns_client = boto3.client(
'sns',
import boto3
# Publish one test message to the topic named in TopicArn.
# No credentials are passed, so boto3 uses its default credential chain; the
# publish is authorized only if that identity's IAM policy or the topic's access
# policy allows sns:Publish. The ARN below is a placeholder (region, account-id).
sns = boto3.client('sns')
publish_args = {
    'TopicArn': 'arn:aws:sns:region:account-id:service_c_topic',
    'Message': 'Hello, this is a test message from my SNS topic!',
}
response = sns.publish(**publish_args)
@ran-isenberg
ran-isenberg / sns_access_policy.yaml
Last active April 27, 2024 08:38
sns_access_policy.yaml
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "serviceA_can_publish",
"Effect": "Allow",
"Principal": {
"AWS": [
"service_A_Account"
@ran-isenberg
ran-isenberg / assume_role_publish_sns.yaml
Created April 27, 2024 08:30
assume_role_publish_sns.yaml
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "arn:aws:sns:region:123456789012:topic-name"
}
]
}
@ran-isenberg
ran-isenberg / role_invoke_api.yaml
Created April 27, 2024 08:23
role_invoke_api.yaml
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:region:123456789012:api-id/stage-name/HTTP-VERB/resource-path"
}
]
}
@ran-isenberg
ran-isenberg / assume_role_trusy.yaml
Last active April 27, 2024 08:16
assume_role_trusy.yaml
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::390096245597:role/roleserviceA",
"arn:aws:iam::390096245597:role/roleserviceB"
@ran-isenberg
ran-isenberg / assume_role.py
Created April 27, 2024 07:59
assume_role.py
import boto3
import requests
from aws_requests_auth.aws_auth import AWSRequestsAuth
# Assume the target role through STS and keep the temporary credentials it returns.
# NOTE(review): the requests / AWSRequestsAuth imports suggest these credentials
# are then used to sign an HTTP request; that part is not visible here - confirm.
sts_client = boto3.client('sts')
response = sts_client.assume_role(
# Example ARN only; the account id and role name must be replaced.
RoleArn='arn:aws:iam::123456789012:role/YourRole',
# Appears in the assumed-role ARN and in CloudTrail records for this session.
RoleSessionName='mysession',
)
# Temporary AccessKeyId / SecretAccessKey / SessionToken plus an Expiration time.
# The SessionToken must accompany the key pair on every signed request, and none
# of the three values should be logged.
temp_credentials = response["Credentials"]
@ran-isenberg
ran-isenberg / sigv4.py
Last active May 4, 2024 08:54
sigv4.py
import boto3
import requests
from aws_requests_auth.aws_auth import AWSRequestsAuth
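# Resolve credentials through boto3's default provider chain.
session = boto3.Session()
credentials = session.get_credentials()
# get_credentials() returns None when no provider yields credentials; fail with
# a clear message instead of an AttributeError on the first attribute read.
if credentials is None:
    raise RuntimeError('No AWS credentials found in the default provider chain')
# Role-based credentials can be refreshed between attribute reads. Take one
# immutable snapshot so access_key, secret_key and token all belong to the same
# credential set when they are handed to the request signer.
credentials = credentials.get_frozen_credentials()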
auth = AWSRequestsAuth(
aws_access_key=credentials.access_key,
aws_secret_access_key=credentials.secret_key,
aws_token=credentials.token,
@ran-isenberg
ran-isenberg / api_gw_resource_policy.yaml
Created April 26, 2024 13:59
api_gw_resource_policy.yaml
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::{{otherAWSAccountID}}:root",
"arn:aws:iam::{{otherAWSAccountID}}:role/{{otherAWSRoleName}}"
]