import sys

import boto3
# Module-level defaults for CreateAWSClientUsingSTSCredential -- fill these in
# before use. They identify the role to assume; none of them is a credential.

# Default ``role_arn``: sent to STS AssumeRole as RoleArn.
ROLE_ARN = ''
# Default ``role_session_name``: sent to STS AssumeRole as RoleSessionName.
ROLE_SESSION_NAME = ''
# Default ``external_id``: sent to STS AssumeRole as ExternalId.
EXTERNAL_ID = ''
# Default ``region_name`` for the boto3 session built from the STS credentials.
DEFAULT_REGION = ''
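class CreateAWSClientUsingSTSCredential(object):
    """
    Build boto3 clients/resources from temporary STS AssumeRole credentials.

    eg.
        c = CreateAWSClientUsingSTSCredential()
        c.get_sts_credentials()
        s3 = c.create_aws_client_using_sts_credentials('s3', 'resource')

    ``self.credentials`` holds the 'Credentials' dict returned by AssumeRole
    (AccessKeyId, SecretAccessKey, SessionToken, Expiration). These are live
    secrets: do not print or log the dict. They are temporary, and sessions
    built from them are not refreshed automatically, so call
    get_sts_credentials() again once they expire.
    """

    def __init__(self):
        # Stays None until get_sts_credentials() succeeds.
        self.credentials = None

    def get_sts_credentials(self, role_arn=ROLE_ARN, role_session_name=ROLE_SESSION_NAME, external_id=EXTERNAL_ID):
        """
        Call STS AssumeRole and store the temporary credentials on the instance.

        type role_arn: 'string'
        type role_session_name: 'string'
        type external_id: 'string' (left out of the request when empty)

        On failure the error is written to stderr and ``self.credentials`` is
        left as None; nothing is raised.

        optional:
        http://boto3.readthedocs.io/en/latest/reference/services/sts.html#STS.Client.assume_role
        """
        # Fail closed: if this call fails, credentials from an earlier (possibly
        # different) role must not stay behind and be reused silently.
        self.credentials = None

        params = {'RoleArn': role_arn, 'RoleSessionName': role_session_name}
        # An empty ExternalId is not a valid AssumeRole value, so only send it
        # when one was actually configured.
        if external_id:
            params['ExternalId'] = external_id

        try:
            client = boto3.client('sts')
            self.credentials = client.assume_role(**params)['Credentials']
        except Exception as e:
            # Best-effort by design: report the failure and leave credentials
            # unset so the caller cannot build a client from stale values.
            sys.stderr.write('%s\n' % e)

    def create_aws_client_using_sts_credentials(self, aws_service, resource, region_name=DEFAULT_REGION):
        """
        Return a boto3 client or resource that uses the stored STS credentials.

        type aws_service: string (e.g. 's3')
        type resource: string, either 'client' or 'resource'
        type region_name: string; an empty value means "use boto3's default"

        Any failure (unknown ``resource`` value, missing credentials, boto3
        error) is written to stderr and the process exits with status 1.
        """
        try:
            if resource not in ('client', 'resource'):
                raise NotImplementedError(
                    "resource must be 'client' or 'resource', got %r" % (resource,))
            if not self.credentials:
                # Without this check the lookup below would fail with an opaque
                # "'NoneType' object is not subscriptable".
                raise RuntimeError(
                    'no STS credentials available; call get_sts_credentials() '
                    'first and check that it succeeded')

            session = boto3.Session(aws_access_key_id=self.credentials['AccessKeyId'],
                                    aws_secret_access_key=self.credentials['SecretAccessKey'],
                                    aws_session_token=self.credentials['SessionToken'],
                                    # '' is the unfilled module default; pass None
                                    # so the configured default region is used.
                                    region_name=region_name or None)
            if resource == 'client':
                return session.client(aws_service)
            return session.resource(aws_service)
        except Exception as e:
            sys.stderr.write('%s\n' % e)
            sys.exit(1)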