
@wparad
Last active October 3, 2022 14:24
Start an AWS Console Session via a third party UI
# Documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
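def getfedlink(account, user, policy):
    """Build an AWS console sign-in URL for a federated user.

    Assumes the role returned by ``getsessionrole(account)``, exchanges the
    resulting temporary credentials for a sign-in token at the AWS federation
    endpoint, and returns the login URL that opens the console.

    Args:
        account: Account identifier; passed to ``getsessionrole`` and
            ``getsessionpolicy`` and used in the role session name.
        user: Caller identity; used in the role session name and as the STS
            ``SourceIdentity``.
        policy: Accepted for interface compatibility but not read here; the
            session policy comes from ``getsessionpolicy(account)``.

    Returns:
        The federation login URL as a string. It embeds a sign-in token that
        opens a console session, so handle it as a secret: do not log it or
        store it.

    Raises:
        requests.HTTPError: The federation endpoint answered with an error
            status.
        KeyError: The STS or federation response lacks an expected field.
    """
    federation_endpoint = "https://signin.aws.amazon.com/federation"

    # NOTE(review): `policy` is never used; confirm whether callers expect it
    # to override getsessionpolicy(account) before relying on it for scoping.
    sts_client = boto3.Session().client("sts")
    assumed_role = sts_client.assume_role(
        RoleArn=getsessionrole(account),
        # NOTE(review): STS restricts the length and character set of
        # RoleSessionName; confirm account/user are validated by the caller.
        RoleSessionName=f"{account}-{user}",
        # SourceIdentity ties the session to `user` for later attribution.
        SourceIdentity=user,
        # The session policy can only narrow what the assumed role allows.
        Policy=json.dumps(getsessionpolicy(account)),
    )
    credentials = assumed_role["Credentials"]

    session_json = json.dumps(
        {
            "sessionId": credentials["AccessKeyId"],
            "sessionKey": credentials["SecretAccessKey"],
            "sessionToken": credentials["SessionToken"],
        }
    )
    token_query = urllib.parse.urlencode(
        {
            "Action": "getSigninToken",
            "SessionDuration": "43200",  # seconds (12 hours)
            "Session": session_json,
        }
    )

    # The temporary credentials travel in this request's query string, so the
    # URL must stay out of logs, traces and exception messages.
    # A timeout keeps a stalled endpoint from hanging the caller indefinitely.
    response = requests.get(f"{federation_endpoint}?{token_query}", timeout=10)
    # Fail loudly on an HTTP error instead of parsing an error body as JSON.
    response.raise_for_status()
    signin_token = json.loads(response.text)["SigninToken"]

    # urlencode escapes every value, including the sign-in token, which the
    # previous string concatenation appended unescaped.
    login_query = urllib.parse.urlencode(
        {
            "Action": "login",
            "Issuer": f"{SCHEME}://{FQDN}",
            "Destination": "https://console.aws.amazon.com/",
            "SigninToken": signin_token,
        }
    )
    return f"{federation_endpoint}?{login_query}"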