Last active
May 24, 2018 14:07
-
-
Save shmick/0d3a4f3208c7544d3a040d026da07590 to your computer and use it in GitHub Desktop.
A quick example for using roles within a boto3 script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| acct1_arn = 'arn:aws:iam::111111111111:role/S3-Write-Role' | |
| acct2_arn = 'arn:aws:iam::222222222222:role/S3-Read-Role' | |
| def switch_role(role_arn): | |
| sts_client = boto3.client('sts') | |
| response = sts_client.assume_role( | |
| RoleArn=role_arn, | |
| RoleSessionName="AssumeRoleSession" | |
| ) | |
| session = boto3.Session( | |
| aws_access_key_id=response['Credentials']['AccessKeyId'], | |
| aws_secret_access_key=response['Credentials']['SecretAccessKey'], | |
| aws_session_token=response['Credentials']['SessionToken'] | |
| ) | |
| return session | |
| def acct1_function(): | |
| session = switch_role(role_arn=acct1_arn) | |
| s3 = session.client('s3') | |
| # Do some S3 stuff in acct1 | |
| def acct2 function(): | |
| session = switch_role(role_arn=acct2_arn) | |
| s3 = session.client('s3') | |
| # Do some S3 stuff in acct2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment