Ejemplo n.º 1
0
def get_temp_creds(profile, token):
  """Use STS to retrieve temporary credentials for <profile>"""
  from boto3 import Session   #Late import because importing boto3 is slow

  config = get_boto_config()[profile]
  hub_client = Session(profile_name=config['source_profile']).client('sts')

  response = hub_client.assume_role(
    RoleArn = config['role_arn'],
    RoleSessionName = 'alfed-aws-{}@{}'.format(str(uuid.uuid4())[:8], profile),
    DurationSeconds = 3600,
    SerialNumber = config['mfa_serial'],
    TokenCode = token,
  )

  temp_creds = response['Credentials']

  return {
    'access_key': temp_creds['AccessKeyId'],
    'secret_key': temp_creds['SecretAccessKey'],
    'session_token': temp_creds['SessionToken'],
    #Python's datetime lib is dumb and doesn't know how to turn timezone-aware datetimes
    #into epoch timestamps. Since the datetime boto returns and the datetime returned
    #by datetime.utcfromtimestamp() are both in UTC, this is safe.
    'expires': (temp_creds['Expiration'].replace(tzinfo=None) - datetime.utcfromtimestamp(0)).total_seconds(),
  }
Ejemplo n.º 2
0
def get_temp_creds(profile, token):
    """Use STS to retrieve temporary credentials for <profile>"""
    from boto3 import Session  # Late import because importing boto3 is slow

    config = get_boto_config()[profile]
    hub_client = Session(profile_name=config['source_profile']).client('sts')

    response = hub_client.assume_role(
        RoleArn=config['role_arn'],
        RoleSessionName='alfed-aws-{}@{}'.format(
            str(uuid.uuid4())[:8], profile),
        DurationSeconds=3600,
        SerialNumber=config['mfa_serial'],
        TokenCode=token,
    )

    temp_creds = response['Credentials']

    return {
        'access_key':
        temp_creds['AccessKeyId'],
        'secret_key':
        temp_creds['SecretAccessKey'],
        'session_token':
        temp_creds['SessionToken'],
        # Python's datetime lib is dumb and doesn't know how to turn timezone-aware datetimes
        # into epoch timestamps. Since the datetime boto returns and the datetime returned
        # by datetime.utcfromtimestamp() are both in UTC, this is safe.
        'expires': (temp_creds['Expiration'].replace(tzinfo=None) -
                    datetime.utcfromtimestamp(0)).total_seconds(),
    }
Ejemplo n.º 3
0
 def newSess(self, username):
     # make sure no empty name
     assert username
     sts = Session(**self.config.session_param).client('sts')
     tmp = sts.assume_role(RoleArn=self.config.role,
                           RoleSessionName="jmeter_" +
                           username)["Credentials"]
     ret = Session(aws_access_key_id=tmp["AccessKeyId"],
                   aws_secret_access_key=tmp["SecretAccessKey"],
                   aws_session_token=tmp["SessionToken"],
                   region_name=self.config.session_param["region_name"])
     return ret