def get_remote_s3_client():
    """
    Build an S3 client for the remote account described by the
    "s3_remote" section of config.yaml.

    :return: result from AssumeRole.get_client() call using "s3_remote" config.yaml parameters
    :raises RuntimeError: if aws_config has no "s3_remote" section
    :raises KeyError: if one of the four parameters read below is absent
    """
    if "s3_remote" not in aws_config:
        raise RuntimeError(
            "Remote account 's3_remote' configuration parameters are not provided in the config.yaml?"
        )

    remote_settings = aws_config["s3_remote"]

    # All four values are read before the role is constructed, so an
    # incomplete section fails here rather than after AssumeRole() has run.
    # NOTE(review): guest_external_id is presumably the STS ExternalId of the
    # cross-account trust - confirm in AssumeRole, and keep it out of logs.
    host_account, external_id, role_name, region = (
        remote_settings[key]
        for key in ("host_account", "guest_external_id", "iam_role_name", "region")
    )

    return AssumeRole(
        host_account=host_account,
        guest_external_id=external_id,
        iam_role_name=role_name,
    ).get_client(
        's3',
        config=Config(signature_version='s3v4', region_name=region),
    )
def test_delete_user():
    """
    Call delete_user() for TEST_USER_NAME in the Cognito user pool named by
    aws_config["cognito"]["user-pool-id"].

    The test has no assertions; it passes when delete_user() does not raise.
    """
    # NOTE(review): AssumeRole() with no arguments presumably resolves the
    # default role from config.yaml - confirm which account this test touches.
    user_pool_id: str = aws_config["cognito"]["user-pool-id"]
    cognito_client = AssumeRole().get_client('cognito-idp')
    delete_user(client=cognito_client, upi=user_pool_id, uid=TEST_USER_NAME)
def test_create_user():
    """
    Call create_user() for TEST_USER_NAME in the Cognito user pool named by
    aws_config["cognito"]["user-pool-id"].

    The test has no assertions; it passes when create_user() does not raise.
    """
    user_pool_id: str = aws_config["cognito"]["user-pool-id"]
    cognito_client = AssumeRole().get_client('cognito-idp')

    # NOTE(review): TEST_TEMP_PASSWORD is defined outside this block; confirm
    # it is a throwaway value and not a credential shared with real accounts.
    new_user = dict(
        client=cognito_client,
        upi=user_pool_id,
        uid=TEST_USER_NAME,
        tpw=TEST_TEMP_PASSWORD,
        attributes=TEST_USER_ATTRIBUTES,
    )
    create_user(**new_user)
def get_local_s3_client():
    """
    Build an S3 client from an AssumeRole() created with no arguments.

    The client is configured for SigV4 signing ('s3v4') in the region held
    by the module-level s3_region_name.

    :return: result from AssumeRole.get_client() call using local config.yaml parameters
    """
    return AssumeRole().get_client(
        's3',
        config=Config(signature_version='s3v4', region_name=s3_region_name),
    )
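def get_remote_client():
    """
    Assume the remote IAM role described by the 's3_remote' section of
    config.yaml and build an S3 client for it.

    :return: tuple of (assumed role, S3 client, target bucket name)
    :raises KeyError: if aws_config has no 's3_remote' section
    :raises RuntimeError: if any required 's3_remote' parameter is missing
    """
    logger.debug("Validate 's3_remote' parameters")

    # config.yaml 's3_remote' override - must be completely specified.
    # This is an explicit raise, not an assert: asserting a non-empty list of
    # booleans always passes, and asserts are stripped under `python -O`, so
    # an incomplete cross-account configuration would go unnoticed.
    required_tags = (
        'guest_external_id',
        'host_account',
        'iam_role_name',
        'archive-directory',
        'bucket',
        'region',
    )
    remote_config = aws_config["s3_remote"]
    missing_tags = [tag for tag in required_tags if tag not in remote_config]
    if missing_tags:
        # Report parameter names only; the values (e.g. the external id)
        # must not end up in error output.
        raise RuntimeError(
            "Remote account 's3_remote' configuration is missing: "
            + ", ".join(missing_tags)
        )

    target_bucket = remote_config["bucket"]

    logger.debug("Assume remote role")
    target_assumed_role = AssumeRole(
        host_account=remote_config['host_account'],
        guest_external_id=remote_config['guest_external_id'],
        iam_role_name=remote_config['iam_role_name']
    )

    logger.debug("Configure target client")
    target_client = target_assumed_role.get_client(
        's3',
        config=Config(
            signature_version='s3v4',
            region_name=remote_config["region"]
        )
    )

    return target_assumed_role, target_client, target_bucket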
keypair_name: str = '' # Prompt user for target and action for the EC2 service if len(sys.argv) >= 3: context = sys.argv[1].upper() action = sys.argv[2].upper() if context == 'INSTANCE': instance_ids = sys.argv[3:] if len(sys.argv) > 3 else None elif context == 'KEYPAIR': keypair_name = sys.argv[3] if len(sys.argv) > 3 else None else: usage("Unrecognized context argument: '" + context + "'") assumed_role = AssumeRole() ec2_client = assumed_role.get_client('ec2') if context == 'KEYPAIR': if keypair_name: if action == 'CREATE': # Do a dryrun first to verify permissions try: response = ec2_client.create_key_pair(KeyName=keypair_name, DryRun=True) except ClientError as e: if 'DryRunOperation' not in str(e): usage(str(e)) # Dry run succeeded, run start_instances without dryrun try:
logger.error(f"get_url_file_size(url:'{str(url)}'): {str(exc)}") # TODO: invalidate the size invariant to propagate a call error # for now return -1 to encode the error state return -1 return size ################################################ # Wrapper for AWS IAM Role for the Application # ################################################ # Obtain an AWS Clients using an Assumed IAM Role # with default parameters (loaded from config.yaml) # the_role = AssumeRole() ############################ # AWS S3 client operations # ############################ def s3_client(assumed_role=None, config=Config(signature_version='s3v4', region_name=default_s3_region)): """ :param assumed_role: :param config: :return: S3 client """