def get_remote_s3_client(): """ :return: result from AssumeRole.get_client() call using "s3_remote" config.yaml parameters """ if "s3_remote" not in aws_config: raise RuntimeError( "Remote account 's3_remote' configuration parameters are not provided in the config.yaml?" ) remote_host_account: str = aws_config["s3_remote"]["host_account"] remote_guest_external_id: str = aws_config["s3_remote"][ "guest_external_id"] remote_iam_role_name: str = aws_config["s3_remote"]["iam_role_name"] remote_s3_region_name: str = aws_config["s3_remote"]["region"] remote_assumed_role = AssumeRole( host_account=remote_host_account, guest_external_id=remote_guest_external_id, iam_role_name=remote_iam_role_name) remote_s3_client = \ remote_assumed_role.get_client( 's3', config=Config( signature_version='s3v4', region_name=remote_s3_region_name ) ) return remote_s3_client
def test_delete_user(): upi: str = aws_config["cognito"]["user-pool-id"] role = AssumeRole() client = role.get_client('cognito-idp') delete_user( client=client, upi=upi, uid=TEST_USER_NAME )
def test_create_user(): upi: str = aws_config["cognito"]["user-pool-id"] role = AssumeRole() client = role.get_client('cognito-idp') create_user( client=client, upi=upi, uid=TEST_USER_NAME, tpw=TEST_TEMP_PASSWORD, attributes=TEST_USER_ATTRIBUTES )
def get_local_s3_client(): """ :return: result from AssumeRole.get_client() call using local config.yaml parameters """ local_assumed_role = AssumeRole() local_s3_client = \ local_assumed_role.get_client( 's3', config=Config( signature_version='s3v4', region_name=s3_region_name ) ) return local_s3_client
def get_remote_client(): """ :return: """ logger.debug("Validate 's3_remote' parameters") # config.yaml 's3_remote' override - must be completely specified? assert ( [ tag in aws_config["s3_remote"] for tag in [ 'guest_external_id', 'host_account', 'iam_role_name', 'archive-directory', 'bucket', 'region' ] ] ) target_bucket = aws_config["s3_remote"]["bucket"] logger.debug("Assume remote role") target_assumed_role = AssumeRole( host_account=aws_config["s3_remote"]['host_account'], guest_external_id=aws_config["s3_remote"]['guest_external_id'], iam_role_name=aws_config["s3_remote"]['iam_role_name'] ) logger.debug("Configure target client") target_client = \ target_assumed_role.get_client( 's3', config=Config( signature_version='s3v4', region_name=aws_config["s3_remote"]["region"] ) ) return target_assumed_role, target_client, target_bucket
keypair_name: str = '' # Prompt user for target and action for the EC2 service if len(sys.argv) >= 3: context = sys.argv[1].upper() action = sys.argv[2].upper() if context == 'INSTANCE': instance_ids = sys.argv[3:] if len(sys.argv) > 3 else None elif context == 'KEYPAIR': keypair_name = sys.argv[3] if len(sys.argv) > 3 else None else: usage("Unrecognized context argument: '" + context + "'") assumed_role = AssumeRole() ec2_client = assumed_role.get_client('ec2') if context == 'KEYPAIR': if keypair_name: if action == 'CREATE': # Do a dryrun first to verify permissions try: response = ec2_client.create_key_pair(KeyName=keypair_name, DryRun=True) except ClientError as e: if 'DryRunOperation' not in str(e): usage(str(e)) # Dry run succeeded, run start_instances without dryrun try:
) logger.debug(f"delete_user() response:\n{pp.pformat(response)}") except Boto3Error as b3e: logger.error(f"delete_user() exception: {b3e}") if __name__ == '__main__': if len(argv) > 1: user_pool_id: str = aws_config["cognito"]["user-pool-id"] operation = argv[1] assumed_role = AssumeRole() cognito_client = assumed_role.get_client('cognito-idp') if operation.lower() == CREATE_USER: if len(argv) > 3: username = argv[2] ua_file = argv[3] attributes: Dict = read_user_attributes(filename=ua_file, section=username) if 'temporary_password' in attributes: temporary_password = attributes.pop('temporary_password')
# to a Simple Notification Service (SNS). # import sys from os.path import abspath, dirname from pathlib import Path from json import dumps import boto3 from kgea.aws.assume_role import AssumeRole def usage(err_msg: str = ''): if err_msg: print(err_msg) print("Usage: ") print("python -m kgea.aws." + Path(sys.argv[0]).stem + " <host_account_id> <guest_external_id> <target_iam_role_name>") exit(0) # Run the module as a CLI if __name__ == '__main__': assumed_role = AssumeRole() sns_client = assumed_role.get_client('sns') # TODO: SNS specific actions here
logger.error(f"get_url_file_size(url:'{str(url)}'): {str(exc)}") # TODO: invalidate the size invariant to propagate a call error # for now return -1 to encode the error state return -1 return size ################################################ # Wrapper for AWS IAM Role for the Application # ################################################ # Obtain an AWS Clients using an Assumed IAM Role # with default parameters (loaded from config.yaml) # the_role = AssumeRole() ############################ # AWS S3 client operations # ############################ def s3_client(assumed_role=None, config=Config(signature_version='s3v4', region_name=default_s3_region)): """ :param assumed_role: :param config: :return: S3 client """
import sys from pathlib import Path from urllib.parse import quote, quote_plus import requests from json import loads import webbrowser from kgea.aws.assume_role import AssumeRole account_id_from_user: str = "" external_id: str = "" role_name_from_user: str = "" _assumed_role = AssumeRole() # Make a request to the AWS federation endpoint to get a sign-in. # # token, passing parameters in the query string. The call requires an # Action parameter ('getSigninToken') and a Session parameter (the # JSON string that contains the temporary credentials that have # been URL-encoded). request_parameters = "?Action=getSigninToken" request_parameters += "&Session=" request_parameters += quote_plus(_assumed_role.get_credentials_jsons()) request_url = "https://signin.aws.amazon.com/federation" request_url += request_parameters r = requests.get(request_url) # Get the return value from the federation endpoint.