def get_remote_s3_client():
"""
:return: result from AssumeRole.get_client() call using "s3_remote" config.yaml parameters
"""
if "s3_remote" not in aws_config:
raise RuntimeError(
"Remote account 's3_remote' configuration parameters are not provided in the config.yaml?"
)
remote_host_account: str = aws_config["s3_remote"]["host_account"]
remote_guest_external_id: str = aws_config["s3_remote"][
"guest_external_id"]
remote_iam_role_name: str = aws_config["s3_remote"]["iam_role_name"]
remote_s3_region_name: str = aws_config["s3_remote"]["region"]
remote_assumed_role = AssumeRole(
host_account=remote_host_account,
guest_external_id=remote_guest_external_id,
iam_role_name=remote_iam_role_name)
remote_s3_client = \
remote_assumed_role.get_client(
's3',
config=Config(
signature_version='s3v4',
region_name=remote_s3_region_name
)
)
return remote_s3_client
def test_delete_user():
upi: str = aws_config["cognito"]["user-pool-id"]
role = AssumeRole()
client = role.get_client('cognito-idp')
delete_user(
client=client,
upi=upi,
uid=TEST_USER_NAME
)
def test_create_user():
upi: str = aws_config["cognito"]["user-pool-id"]
role = AssumeRole()
client = role.get_client('cognito-idp')
create_user(
client=client,
upi=upi,
uid=TEST_USER_NAME,
tpw=TEST_TEMP_PASSWORD,
attributes=TEST_USER_ATTRIBUTES
)
def get_local_s3_client():
"""
:return: result from AssumeRole.get_client() call using local config.yaml parameters
"""
local_assumed_role = AssumeRole()
local_s3_client = \
local_assumed_role.get_client(
's3',
config=Config(
signature_version='s3v4',
region_name=s3_region_name
)
)
return local_s3_client
def get_remote_client():
"""
:return:
"""
logger.debug("Validate 's3_remote' parameters")
# config.yaml 's3_remote' override - must be completely specified?
assert (
[
tag in aws_config["s3_remote"]
for tag in [
'guest_external_id',
'host_account',
'iam_role_name',
'archive-directory',
'bucket',
'region'
]
]
)
target_bucket = aws_config["s3_remote"]["bucket"]
logger.debug("Assume remote role")
target_assumed_role = AssumeRole(
host_account=aws_config["s3_remote"]['host_account'],
guest_external_id=aws_config["s3_remote"]['guest_external_id'],
iam_role_name=aws_config["s3_remote"]['iam_role_name']
)
logger.debug("Configure target client")
target_client = \
target_assumed_role.get_client(
's3',
config=Config(
signature_version='s3v4',
region_name=aws_config["s3_remote"]["region"]
)
)
return target_assumed_role, target_client, target_bucket
keypair_name: str = ''
# Prompt user for target and action for the EC2 service
if len(sys.argv) >= 3:
context = sys.argv[1].upper()
action = sys.argv[2].upper()
if context == 'INSTANCE':
instance_ids = sys.argv[3:] if len(sys.argv) > 3 else None
elif context == 'KEYPAIR':
keypair_name = sys.argv[3] if len(sys.argv) > 3 else None
else:
usage("Unrecognized context argument: '" + context + "'")
assumed_role = AssumeRole()
ec2_client = assumed_role.get_client('ec2')
if context == 'KEYPAIR':
if keypair_name:
if action == 'CREATE':
# Do a dryrun first to verify permissions
try:
response = ec2_client.create_key_pair(KeyName=keypair_name, DryRun=True)
except ClientError as e:
if 'DryRunOperation' not in str(e):
usage(str(e))
# Dry run succeeded, run start_instances without dryrun
try:
logger.error(f"get_url_file_size(url:'{str(url)}'): {str(exc)}")
# TODO: invalidate the size invariant to propagate a call error
# for now return -1 to encode the error state
return -1
return size
################################################
# Wrapper for AWS IAM Role for the Application #
################################################
# Obtain an AWS Clients using an Assumed IAM Role
# with default parameters (loaded from config.yaml)
#
the_role = AssumeRole()
############################
# AWS S3 client operations #
############################
def s3_client(assumed_role=None,
config=Config(signature_version='s3v4',
region_name=default_s3_region)):
"""
:param assumed_role:
:param config:
:return: S3 client
"""