def create_botocore_session(profile=None, debug=False):
# type: (str, bool) -> session.Session
s = session.Session(profile=profile)
_add_chalice_user_agent(s)
if debug:
s.set_debug_logger('')
_inject_large_request_body_filter()
return s
def load_boto_session_from_config(config: Dict[str, Any]) -> boto.Session:
if config.get('from_environment', False):
session = boto.get_session()
else:
access_key = config['access_key']
secret_key = config['secret_key']
session = boto.Session()
session.set_credentials(access_key, secret_key)
_patch_boto(session)
return session
def __init__(self, configuration):
super(AmazonElasticsearchService, self).__init__(configuration)
region = configuration['region']
cred = None
if configuration.get('use_aws_iam_profile', False):
cred = credentials.get_credentials(session.Session())
else:
cred = credentials.Credentials(
access_key=configuration.get('access_key', ''),
secret_key=configuration.get('secret_key', ''))
self.auth = AWSV4Sign(cred, region, 'es')
def __init__(self, configuration):
super(AmazonElasticsearchService, self).__init__(configuration)
region = configuration["region"]
cred = None
if configuration.get("use_aws_iam_profile", False):
cred = credentials.get_credentials(session.Session())
else:
cred = credentials.Credentials(
access_key=configuration.get("access_key", ""),
secret_key=configuration.get("secret_key", ""),
)
self.auth = AWSV4Sign(cred, region, "es")
def _get_v4_signed_headers(self):
"""Returns V4 signed get-caller-identity request headers"""
if self.aws_session is None:
boto_session = session.Session()
creds = boto_session.get_credentials()
else:
creds = self.aws_session.get_credentials()
if creds is None:
raise CerberusClientException("Unable to locate AWS credentials")
readonly_credentials = creds.get_frozen_credentials()
# hardcode get-caller-identity request
data = OrderedDict((('Action','GetCallerIdentity'), ('Version', '2011-06-15')))
url = 'https://sts.{}.amazonaws.com/'.format(self.region)
request_object = awsrequest.AWSRequest(method='POST', url=url, data=data)
signer = auth.SigV4Auth(readonly_credentials, 'sts', self.region)
signer.add_auth(request_object)
return request_object.headers
'''
Credits to Mathew Marcus (2019)
https://www.mathewmarcus.com/blog/
http://archive.is/nXkCb
Small syntax and organization modifications were made to the original code.
'''
import asyncio
import json
import os
from typing import Dict, List, Optional
import urllib
import aiohttp
from botocore import session, awsrequest, auth
AWS_CREDENTIALS = session.Session().get_credentials()
LAMBDA_ENDPOINT = 'https://lambda.{region}.amazonaws.com/2015-03-31/functions'
def sign_headers(*, url: str, payload: Dict, invocation_type: str):
'''Sign AWS API request headers'''
segments = urllib.parse.urlparse(url).netloc.split('.')
service = segments[0]
region = segments[1]
request = awsrequest.AWSRequest(method='POST',
url=url,
data=json.dumps(payload),
headers={
'X-Amz-Invocation-Type':
invocation_type,