def get_temp_creds(profile, token):
    """Assume the role configured for <profile> through STS, using an MFA code.

    Args:
        profile: key into get_boto_config(); the entry must provide
            'source_profile', 'role_arn' and 'mfa_serial'.
        token: one-time code from the MFA device named by 'mfa_serial'.

    Returns:
        dict with 'access_key', 'secret_key', 'session_token' and 'expires'
        (seconds since the Unix epoch, as a float). The dict holds live
        credentials, so callers should keep it out of logs and error reports.
    """
    # Deferred import: importing boto3 is slow.
    from boto3 import Session

    profile_cfg = get_boto_config()[profile]
    sts = Session(profile_name=profile_cfg['source_profile']).client('sts')

    # The 8-character random prefix keeps concurrent sessions for the same
    # profile distinguishable by session name.
    session_name = 'alfed-aws-{}@{}'.format(str(uuid.uuid4())[:8], profile)

    creds = sts.assume_role(
        RoleArn=profile_cfg['role_arn'],
        RoleSessionName=session_name,
        DurationSeconds=3600,  # credentials are requested for one hour
        SerialNumber=profile_cfg['mfa_serial'],
        TokenCode=token,
    )['Credentials']

    result = {
        'access_key': creds['AccessKeyId'],
        'secret_key': creds['SecretAccessKey'],
        'session_token': creds['SessionToken'],
    }

    # The expiry is converted to an epoch timestamp by dropping its tzinfo and
    # subtracting a naive UTC epoch. This relies on boto returning the
    # expiration in UTC.
    epoch = datetime.utcfromtimestamp(0)
    expiry_naive = creds['Expiration'].replace(tzinfo=None)
    result['expires'] = (expiry_naive - epoch).total_seconds()
    return result
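def get_temp_creds(profile, token):
    """Use STS to retrieve temporary credentials for <profile>.

    Args:
        profile: key into get_boto_config(); its entry supplies
            'source_profile', 'role_arn' and 'mfa_serial'.
        token: current code from the MFA device named by 'mfa_serial'.

    Returns:
        dict with 'access_key', 'secret_key', 'session_token' and 'expires'
        (expiry as float seconds since the Unix epoch). The dict contains
        usable credentials; keep it out of logs and tracebacks.
    """
    import calendar
    from boto3 import Session  # Late import because importing boto3 is slow

    config = get_boto_config()[profile]
    hub_client = Session(profile_name=config['source_profile']).client('sts')
    response = hub_client.assume_role(
        RoleArn=config['role_arn'],
        RoleSessionName='alfed-aws-{}@{}'.format(
            str(uuid.uuid4())[:8], profile),
        DurationSeconds=3600,  # one-hour credential lifetime
        SerialNumber=config['mfa_serial'],
        TokenCode=token,
    )
    temp_creds = response['Credentials']
    expiration = temp_creds['Expiration']
    return {
        'access_key': temp_creds['AccessKeyId'],
        'secret_key': temp_creds['SecretAccessKey'],
        'session_token': temp_creds['SessionToken'],
        # utctimetuple() normalises an aware datetime to UTC before the
        # conversion, so the result no longer depends on the expiration
        # already being in UTC, and the deprecated
        # datetime.utcfromtimestamp() is avoided. A naive value is still
        # treated as UTC, as before. Microseconds are added back so the
        # value remains a float.
        'expires': (calendar.timegm(expiration.utctimetuple())
                    + expiration.microsecond / 1e6),
    }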
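def newSess(self, username):
    """Return a boto3 Session backed by temporary credentials for self.config.role.

    A base session is built from self.config.session_param, the configured
    role is assumed through STS with the session name "jmeter_<username>",
    and the resulting temporary credentials are wrapped in a new Session in
    the same region.

    Args:
        username: non-empty string appended to the role session name.

    Raises:
        AssertionError: if username is empty.
    """
    # Raise explicitly instead of using `assert`: assert statements are
    # removed under `python -O`, which would let an empty name reach STS.
    if not username:
        raise AssertionError("username must not be empty")

    sts = Session(**self.config.session_param).client('sts')
    # NOTE(review): username is passed into the session name unmodified. If it
    # can come from outside this program, check it against the characters and
    # length STS accepts for RoleSessionName before this call.
    creds = sts.assume_role(
        RoleArn=self.config.role,
        RoleSessionName="jmeter_" + username,
    )["Credentials"]

    return Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
        region_name=self.config.session_param["region_name"],
    )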