AWS: Boto3: AssumeRole example which includes role usage

梦毁少年i 2020-12-14 18:28

I'm trying to use the AssumeRole in such a way that I'm traversing multiple accounts and retrieving assets for those accounts. I've made it to this point:



        
7 answers
  • 2020-12-14 19:21

    You can assume role using STS token, like:

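    from boto3.session import Session

    # ARN_ACCESS_KEY, ARN_SECRET_KEY and ARN_ROLE_SESSION_NAME are not defined
    # in this snippet; supply them from your own configuration.
    class Boto3STSService(object):
        def __init__(self, arn):
            # Session built from the calling principal's long-lived keys
            sess = Session(aws_access_key_id=ARN_ACCESS_KEY,
                           aws_secret_access_key=ARN_SECRET_KEY)
            sts_connection = sess.client('sts')
            # Exchange them for temporary credentials on the target role (1 hour)
            assume_role_object = sts_connection.assume_role(
                RoleArn=arn, RoleSessionName=ARN_ROLE_SESSION_NAME,
                DurationSeconds=3600)
            self.credentials = assume_role_object['Credentials']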
    

    This will give you a temporary access key and secret key, with a session token. With these temporary credentials, you can access any service. For example, if you want to access ELB, you can use the code below:

    class ELBService(object):  # hypothetical wrapper name; the answer shows only the methods
        def __init__(self, arn):
            # Temporary credentials returned by sts:AssumeRole for the given role
            self.tmp_credentials = Boto3STSService(arn).credentials

        def get_boto3_session(self):
            tmp_access_key = self.tmp_credentials['AccessKeyId']
            tmp_secret_key = self.tmp_credentials['SecretAccessKey']
            security_token = self.tmp_credentials['SessionToken']

            # All three values are required; the session token marks the keys as temporary
            boto3_session = Session(
                aws_access_key_id=tmp_access_key,
                aws_secret_access_key=tmp_secret_key, aws_session_token=security_token
            )
            return boto3_session

        def get_elb_boto3_connection(self, region):
            sess = self.get_boto3_session()
            elb_conn = sess.client(service_name='elb', region_name=region)
            return elb_conn
    
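The multi-account traversal the question asks about, as an added example that is not part of the original question or answer: it assumes the same role name in each account, scopes the temporary keys down with a session policy, and records accounts where the call fails instead of aborting. The role name `AssetReader`, the session name, the region and the account ids are hypothetical, and the caller's own credentials are assumed to come from boto3's default credential chain rather than from keys in the source.

```python
import json

# Session policy: effective permissions are the intersection of the role's own
# policies and this document, so the temporary keys can only list classic ELBs.
READ_ONLY_ELB = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "elasticloadbalancing:DescribeLoadBalancers",
    "Resource": "*"}]})


def assume_in_accounts(sts, account_ids, role_name, session_name,
                       duration=900, policy=READ_ONLY_ELB):
    """Assume role_name in each account; return (credentials, failures) dicts."""
    credentials, failures = {}, {}
    for account_id in account_ids:
        try:
            resp = sts.assume_role(
                RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
                RoleSessionName=session_name,  # recorded in CloudTrail for attribution
                DurationSeconds=duration,      # 900 s is the shortest lifetime STS allows
                Policy=policy,
            )
        except Exception as exc:  # botocore ClientError (e.g. AccessDenied) in real use
            failures[account_id] = str(exc)
            continue
        credentials[account_id] = resp["Credentials"]
    return credentials, failures


def elb_client(creds, region):
    """Build an ELB client from one account's temporary credentials."""
    import boto3  # imported here so the traversal above can be exercised offline
    session = boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    return session.client("elb", region_name=region)


if __name__ == "__main__":
    import boto3
    found, failed = assume_in_accounts(
        boto3.client("sts"), ["111111111111", "222222222222"],  # constructed ids
        "AssetReader", "asset-inventory")  # hypothetical role and session names
    for account_id, creds in found.items():
        elbs = elb_client(creds, "us-east-1").describe_load_balancers()
        print(account_id, len(elbs["LoadBalancerDescriptions"]))
    print("failed:", failed)
```

Each target account's role must trust the calling principal for `sts:AssumeRole`; accounts where it does not end up in the failures dict.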