@shar1z
Created August 1, 2022 09:54
import boto3


def generate_credentials(event):
    # extract_tenant_from_auth_header and generate_dynamodb_policy are not shown in this gist.
    tenant_id = extract_tenant_from_auth_header(event)
    # Session policy for this tenant; STS expects it as a JSON string.
    dynamic_policy = generate_dynamodb_policy(tenant_id)

    sts_client = boto3.client("sts")
    assumed_role = sts_client.assume_role(
        RoleArn="arn:aws:iam::<account-id>:role/DynamodbRoleToAssume",
        RoleSessionName="<name-to-identify-the-assumed-role-session>",
        Policy=dynamic_policy,
    )

    # The session's permissions are the intersection of the role's
    # identity-based policies and the session policy passed above.
    credentials = assumed_role["Credentials"]
    return {
        "aws_access_key_id": credentials["AccessKeyId"],
        "aws_secret_access_key": credentials["SecretAccessKey"],
        "aws_session_token": credentials["SessionToken"],
    }
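
The gist calls `generate_dynamodb_policy(tenant_id)` without showing it. The block below is an added example, not the gist author's code, of one way such a session policy could be built. The function name `tenant_scoped_dynamodb_policy`, the table ARN placeholder, the tenant ID format and the assumption that the table's partition key is the tenant ID are all hypothetical.

```python
import json
import re

# Assumption: tenant IDs are short opaque slugs. Rejecting everything else keeps
# wildcards and "${...}" policy variables out of the generated document.
TENANT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# STS rejects a Policy parameter longer than 2,048 characters.
MAX_SESSION_POLICY_CHARS = 2048

# Item-level actions only; Scan is left out because it is not bound to one partition key.
ALLOWED_ACTIONS = [
    "dynamodb:GetItem",
    "dynamodb:Query",
    "dynamodb:PutItem",
    "dynamodb:UpdateItem",
    "dynamodb:DeleteItem",
]

# Placeholder ARN in the gist's own "<...>" style; supply the real table ARN.
TABLE_ARN = "arn:aws:dynamodb:<region>:<account-id>:table/<table-name>"


def tenant_scoped_dynamodb_policy(tenant_id, table_arn=TABLE_ARN):
    """Return a session policy (JSON string) limited to one tenant's partition key."""
    if not isinstance(tenant_id, str) or not TENANT_ID_RE.fullmatch(tenant_id):
        raise ValueError("tenant id has an unexpected format")

    policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ALLOWED_ACTIONS,
                "Resource": [table_arn],
                # Every partition key touched by the request must equal the tenant ID.
                "Condition": {
                    "ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [tenant_id]}
                },
            }
        ],
    }
    document = json.dumps(policy, separators=(",", ":"))
    if len(document) > MAX_SESSION_POLICY_CHARS:
        raise ValueError("session policy exceeds the STS size limit")
    return document
```

A session policy can only narrow what `DynamodbRoleToAssume` already allows, so the role itself still needs the DynamoDB permissions on the table.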