コード例 #1
0
ファイル: stsops.py プロジェクト: aveekbu/eutester 
    def setup_sts_connection(self, endpoint=None, region=None, aws_access_key_id=None, aws_secret_access_key=None, path="/",port=443, is_secure=True, boto_debug=0):
        sts_region = RegionInfo()
        if region:
            self.debug("Check region: " + str(region))
            try:
                if not endpoint:
                    sts_region.endpoint = EC2RegionData[region]
                else:
                    sts_region.endpoint = endpoint
            except KeyError:
                raise Exception( 'Unknown region: %s' % region)
        else:
            sts_region.name = 'eucalyptus'
            if endpoint:
                sts_region.endpoint = endpoint
            else:
                sts_region.endpoint = self.get_ec2_ip()

        try:
            sts_connection_args = { 'aws_access_key_id' : aws_access_key_id,
                                    'aws_secret_access_key': aws_secret_access_key,
                                    'is_secure': is_secure,
                                    'debug':boto_debug,
                                    'port' : port,
                                    'path' : path,
                                    'region' : sts_region}
            self.debug("Attempting to create STS connection to " + self.get_ec2_ip() + str(port) + path)
            self.tokens = boto.connect_sts(**sts_connection_args)
        except Exception, e:
            self.critical("Was unable to create STS connection because of exception: " + str(e))
コード例 #2
0
def test_assume_role():
    conn = boto.connect_sts()

    policy = json.dumps({
        "Statement": [
            {
                "Sid": "Stmt13690092345534",
                "Action": ["S3:ListBucket"],
                "Effect": "Allow",
                "Resource": ["arn:aws:s3:::foobar-tester"]
            },
        ]
    })
    s3_role = "arn:aws:iam::123456789012:role/test-role"
    role = conn.assume_role(s3_role,
                            "session-name",
                            policy,
                            duration_seconds=123)

    credentials = role.credentials
    credentials.expiration.should.equal('2012-01-01T12:02:03.000Z')
    credentials.session_token.should.have.length_of(356)
    assert credentials.session_token.startswith("FQoGZXIvYXdzE")
    credentials.access_key.should.have.length_of(20)
    assert credentials.access_key.startswith("ASIA")
    credentials.secret_key.should.have.length_of(40)

    role.user.arn.should.equal("arn:aws:iam::123456789012:role/test-role")
    role.user.assume_role_id.should.contain("session-name")
コード例 #3
0
ファイル: test_sts.py プロジェクト: sworisbreathing/moto 
def test_assume_role_with_web_identity():
    conn = boto.connect_sts()

    policy = json.dumps({
        "Statement": [{
            "Sid": "Stmt13690092345534",
            "Action": ["S3:ListBucket"],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::foobar-tester"],
        }]
    })
    role_name = "test-role"
    s3_role = "arn:aws:iam::{account_id}:role/{role_name}".format(
        account_id=ACCOUNT_ID, role_name=role_name)
    session_name = "session-name"
    role = conn.assume_role_with_web_identity(s3_role,
                                              session_name,
                                              policy,
                                              duration_seconds=123)

    credentials = role.credentials
    credentials.expiration.should.equal("2012-01-01T12:02:03.000Z")
    credentials.session_token.should.have.length_of(356)
    assert credentials.session_token.startswith("FQoGZXIvYXdzE")
    credentials.access_key.should.have.length_of(20)
    assert credentials.access_key.startswith("ASIA")
    credentials.secret_key.should.have.length_of(40)

    role.user.arn.should.equal(
        "arn:aws:sts::{account_id}:assumed-role/{role_name}/{session_name}".
        format(account_id=ACCOUNT_ID,
               role_name=role_name,
               session_name=session_name))
    role.user.assume_role_id.should.contain("session-name")
コード例 #4
0
ファイル: dynamoDB.py プロジェクト: gerard0315/IOT_lab 
def connection():
    ACCOUNT_ID =
    IDENTITY_POOL_ID =
    ROLE_ARN =

    # Use cognito to get an identity.
    cognito = boto.connect_cognito_identity()
    cognito_id = cognito.get_id(ACCOUNT_ID, IDENTITY_POOL_ID)
    oidc = cognito.get_open_id_token(cognito_id['IdentityId'])

    # Further setup your STS using the code below
    sts = boto.connect_sts()
    assumedRoleObject = sts.assume_role_with_web_identity(ROLE_ARN, "XX", oidc['Token'])

    # Prepare DynamoDB client
    # Prepare DynamoDB client
    client_dynamo = boto.dynamodb2.connect_to_region(
        'us-east-1',
        aws_access_key_id=assumedRoleObject.credentials.access_key,
        aws_secret_access_key=assumedRoleObject.credentials.secret_key,
        security_token=assumedRoleObject.credentials.session_token)

    tables = client_dynamo.list_tables()
    dataTable = table_creation(tables, client_dynamo)
    return dataTable
コード例 #5
0
def test_assume_role():
    conn = boto.connect_sts()

    policy = json.dumps({
        "Statement": [
            {
                "Sid": "Stmt13690092345534",
                "Action": [
                    "S3:ListBucket"
                ],
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:s3:::foobar-tester"
                ]
            },
        ]
    })
    s3_role = "arn:aws:iam::123456789012:role/test-role"
    role = conn.assume_role(s3_role, "session-name", policy, duration_seconds=123)

    credentials = role.credentials
    credentials.expiration.should.equal('2012-01-01T12:02:03Z')
    credentials.session_token.should.equal("BQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE")
    credentials.access_key.should.equal("AKIAIOSFODNN7EXAMPLE")
    credentials.secret_key.should.equal("aJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")

    role.user.arn.should.equal("arn:aws:iam::123456789012:role/test-role")
    role.user.assume_role_id.should.contain("session-name")
コード例 #6
0
ファイル: abstracts.py プロジェクト: tailorkuldeep/messer 
    def __init__(self, args, init_conn=True):
        super(MesserAWSCommand, self).__init__(args, config=MesserAWSConfig(args.config))

        # set up STS if needed
        if init_conn:
            self.sts = None
            if self.config.role_arn:
                if self.config.aws_profile:
                    self.sts_conn = boto.connect_sts(profile_name=self.config.aws_profile)
                else:
                    self.sts_conn = boto.connect_sts()
                response = self.sts_conn.assume_role(self.config.role_arn, self.config.role_session_name)
                self.sts = response.credentials.to_dict()
            # get S3 & KMS connections
            self._connect_kms()
            self._connect_s3()
コード例 #7
0
def assume_service(account_number, service, region='us-east-1'):
    conn = boto.connect_sts()

    role = conn.assume_role(
        'arn:aws:iam::{0}:role/{1}'.format(
            account_number,
            current_app.config.get('LEMUR_INSTANCE_PROFILE', 'Lemur')), 'blah')

    if service in 'iam':
        return boto.connect_iam(
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token)

    elif service in 'elb':
        return boto.ec2.elb.connect_to_region(
            region,
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token)

    elif service in 'vpc':
        return boto.connect_vpc(
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token)

    elif service in 's3':
        return boto.s3.connect_to_region(
            region,
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token)
コード例 #8
0
def test_assume_role():
    conn = boto.connect_sts()

    policy = json.dumps({
        "Statement": [
            {
                "Sid": "Stmt13690092345534",
                "Action": [
                    "S3:ListBucket"
                ],
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:s3:::foobar-tester"
                ]
            },
        ]
    })
    s3_role = "arn:aws:iam::123456789012:role/test-role"
    role = conn.assume_role(s3_role, "session-name", policy, duration_seconds=123)

    credentials = role.credentials
    credentials.expiration.should.equal('2012-01-01T12:02:03Z')
    credentials.session_token.should.equal("BQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE")
    credentials.access_key.should.equal("AKIAIOSFODNN7EXAMPLE")
    credentials.secret_key.should.equal("aJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")

    role.user.arn.should.equal("arn:aws:iam::123456789012:role/test-role")
    role.user.assume_role_id.should.contain("session-name")
コード例 #9
0
 def updateTokens(self, goldenFile):
     print "Updating tokens..."
     mfaSerials = self.__getMfaSerial__(goldenFile)
     default = None
     print self.sections()
     for x in self.sections():
         vals = x.split()
         if x == vals[0]:
             print "%s: %s" % (x, vals[0])
             default = self.listSections()
         else:
             section = vals[1]
             credentials = mfaSerials[section]
             timeout = self.token_timeout * 60 * 60
             msg = "Updating token for %s" % section
             if default == section:
                 msg += " and for default"
             mfa = raw_input("MFA for %s: " % section)
             sts = connect_sts(aws_access_key_id = credentials['aws_access_key_id'],
                               aws_secret_access_key = credentials['aws_secret_access_key'])
             token = sts.get_session_token(duration = timeout, force_new = True,
                                       mfa_serial_number = credentials['mfa_serial_number'], mfa_token = mfa)
             self.set(x, 'aws_access_key_id', token.access_key)
             self.set(x, 'aws_secret_access_key', token.secret_key)
             self.set(x, 'aws_session_token', token.session_token)
             self.set(x, 'region', credentials['region'])
     if default:
         self.__setDefault__(default)
     with open(self.awsConfig, 'wb') as configfile:
         self.write(configfile)
コード例 #10
0
ファイル: stsops.py プロジェクト: gholms/eutester 
    def setup_sts_connection(self, endpoint=None, region=None, aws_access_key_id=None, aws_secret_access_key=None, path="/",port=443, is_secure=True, boto_debug=0):
        sts_region = RegionInfo()
        if region:
            self.debug("Check region: " + str(region))
            try:
                if not endpoint:
                    sts_region.endpoint = EC2RegionData[region]
                else:
                    sts_region.endpoint = endpoint
            except KeyError:
                raise Exception( 'Unknown region: %s' % region)
        else:
            sts_region.name = 'eucalyptus'
            if endpoint:
                sts_region.endpoint = endpoint
            else:
                sts_region.endpoint = self.get_ec2_ip()

        try:
            sts_connection_args = { 'aws_access_key_id' : aws_access_key_id,
                                    'aws_secret_access_key': aws_secret_access_key,
                                    'is_secure': is_secure,
                                    'debug':boto_debug,
                                    'port' : port,
                                    'path' : path,
                                    'region' : sts_region}
            self.debug("Attempting to create STS connection to " + self.get_ec2_ip() + ':' + str(port) + path)
            self.tokens = boto.connect_sts(**sts_connection_args)
        except Exception, e:
            self.critical("Was unable to create STS connection because of exception: " + str(e))
コード例 #11
0
ファイル: file.py プロジェクト: kidaa/encoded 
def external_creds(bucket, key, name, profile_name=None):
    policy = {
        'Version': '2012-10-17',
        'Statement': [
            {
                'Effect': 'Allow',
                'Action': 's3:PutObject',
                'Resource': 'arn:aws:s3:::{bucket}/{key}'.format(bucket=bucket, key=key),
            }
        ]
    }
    conn = boto.connect_sts(profile_name=profile_name)
    token = conn.get_federation_token(name, policy=json.dumps(policy))
    # 'access_key' 'secret_key' 'expiration' 'session_token'
    credentials = token.credentials.to_dict()
    credentials.update({
        'upload_url': 's3://{bucket}/{key}'.format(bucket=bucket, key=key),
        'federated_user_arn': token.federated_user_arn,
        'federated_user_id': token.federated_user_id,
        'request_id': token.request_id,
    })
    return {
        'service': 's3',
        'bucket': bucket,
        'key': key,
        'upload_credentials': credentials,
    }
コード例 #12
0
ファイル: file.py プロジェクト: tweep/t2dream-portal 
def external_creds(bucket, key, name, profile_name=None):
    policy = {
        'Version':
        '2012-10-17',
        'Statement': [{
            'Effect':
            'Allow',
            'Action':
            's3:PutObject',
            'Resource':
            'arn:aws:s3:::{bucket}/{key}'.format(bucket=bucket, key=key),
        }]
    }
    conn = boto.connect_sts(profile_name=profile_name)
    token = conn.get_federation_token(name, policy=json.dumps(policy))
    # 'access_key' 'secret_key' 'expiration' 'session_token'
    credentials = token.credentials.to_dict()
    credentials.update({
        'upload_url':
        's3://{bucket}/{key}'.format(bucket=bucket, key=key),
        'federated_user_arn':
        token.federated_user_arn,
        'federated_user_id':
        token.federated_user_id,
        'request_id':
        token.request_id,
    })
    return {
        'service': 's3',
        'bucket': bucket,
        'key': key,
        'upload_credentials': credentials,
    }
コード例 #13
0
ファイル: sts.py プロジェクト: EADPCloudSeattle/lemur 
def assume_service(account_number, service, region='us-east-1'):
    conn = boto.connect_sts()

    role = conn.assume_role('arn:aws:iam::{0}:role/{1}'.format(
        account_number, current_app.config.get('LEMUR_INSTANCE_PROFILE', 'Lemur')), 'blah')

    if service in 'iam':
        return boto.connect_iam(
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token)

    elif service in 'elb':
        return boto.ec2.elb.connect_to_region(
            region,
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token)

    elif service in 'vpc':
        return boto.connect_vpc(
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token)

    elif service in 's3':
        return boto.s3.connect_to_region(
            region,
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token)
コード例 #14
0
def test_get_session_token():
    conn = boto.connect_sts()
    token = conn.get_session_token(duration=123)

    token.expiration.should.equal('2012-01-01T12:02:03Z')
    token.session_token.should.equal("AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE")
    token.access_key.should.equal("AKIAIOSFODNN7EXAMPLE")
    token.secret_key.should.equal("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")
コード例 #15
0
def test_get_session_token():
    conn = boto.connect_sts()
    token = conn.get_session_token(duration=123)

    token.expiration.should.equal('2012-01-01T12:02:03Z')
    token.session_token.should.equal("AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE")
    token.access_key.should.equal("AKIAIOSFODNN7EXAMPLE")
    token.secret_key.should.equal("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")
コード例 #16
0
def aws_connection(connection_type, region, account_id):
    sts = boto.connect_sts()
    role = sts.assume_role('arn:aws:iam::' + account_id + ':role/BaseRole', 'baserole')

    if connection_type == 'ec2':
        return boto.ec2.connect_to_region(region,
                                          aws_access_key_id=role.credentials.access_key,
                                          aws_secret_access_key=role.credentials.secret_key,
                                          security_token=role.credentials.session_token)
コード例 #17
0
def test_get_federation_token():
    conn = boto.connect_sts()
    token = conn.get_federation_token(duration=123, name="Bob")

    token.credentials.expiration.should.equal('2012-01-01T12:02:03Z')
    token.credentials.session_token.should.equal("AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==")
    token.credentials.access_key.should.equal("AKIAIOSFODNN7EXAMPLE")
    token.credentials.secret_key.should.equal("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")
    token.federated_user_arn.should.equal("arn:aws:sts::123456789012:federated-user/Bob")
    token.federated_user_id.should.equal("123456789012:Bob")
コード例 #18
0
ファイル: test_sts.py プロジェクト: DarthLorenzo/moto 
def test_get_federation_token():
    conn = boto.connect_sts()
    token = conn.get_federation_token(duration=123, name="Bob")

    token.credentials.expiration.should.equal('2012-01-01T12:02:03.000Z')
    token.credentials.session_token.should.equal("AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==")
    token.credentials.access_key.should.equal("AKIAIOSFODNN7EXAMPLE")
    token.credentials.secret_key.should.equal("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")
    token.federated_user_arn.should.equal("arn:aws:sts::123456789012:federated-user/Bob")
    token.federated_user_id.should.equal("123456789012:Bob")
コード例 #19
0
ファイル: layer1.py プロジェクト: jonathanq/boto 
 def _get_session_token(self):
     if self._need_session_token:
         boto.log.debug('Creating new Session Token')
         sts = boto.connect_sts(self._passed_access_key,
                                self._passed_secret_key)
         token = sts.get_session_token()
         self.provider = Provider(self._provider_type, token.access_key,
                                  token.secret_key, token.session_token)
     else:
         self.provider = Provider(self._provider_type)
     self._auth_handler.update_provider(self.provider)
コード例 #20
0
def fetch_sts_credentials(key_id, secret, mfa_serial, mfa_code):
    if not mfa_serial or len(mfa_serial) < 1:
        print 'Error, you need to provide your MFA device\'s serial number.'
        return None, None, None
    if not mfa_code or len(mfa_code) < 1:
        print 'Error, you need to provide the code displayed by your MFA device.'
        return None, None, None
    sts_connection = boto.connect_sts(key_id, secret)
    # For now, don't set the duration and use default 12hours
    sts_response = sts_connection.get_session_token(mfa_serial_number = mfa_serial[0], mfa_token = mfa_code[0])
    return sts_response.access_key, sts_response.secret_key, sts_response.session_token
コード例 #21
0
ファイル: utils.py プロジェクト: hajdbo/Scout2 
def fetch_sts_credentials(key_id, secret, mfa_serial, mfa_code):
    if not mfa_serial or len(mfa_serial) < 1:
        print 'Error, you need to provide your MFA device\'s serial number.'
        return None, None, None
    if not mfa_code or len(mfa_code) < 1:
        print 'Error, you need to provide the code displayed by your MFA device.'
        return None, None, None
    sts_connection = boto.connect_sts(key_id, secret)
    # For now, don't set the duration and use default 12hours
    sts_response = sts_connection.get_session_token(mfa_serial_number = mfa_serial, mfa_token = mfa_code[0])
    return sts_response.access_key, sts_response.secret_key, sts_response.session_token
コード例 #22
0
ファイル: utils.py プロジェクト: bhollemb/AWSUtils 
def init_sts_session(key_id, secret, mfa_serial = None, mfa_code = None):
    if not mfa_serial:
        # Prompt for MFA serial
        mfa_serial = prompt_4_mfa_serial()
        save_no_mfa_credentials = True
    if not mfa_code:
        # Prompt for MFA code
        mfa_code = prompt_4_mfa_code()
    # Fetch session token and set the duration to 8 hours
    sts_connection = boto.connect_sts(key_id, secret)
    sts_response = sts_connection.get_session_token(mfa_serial_number = mfa_serial, mfa_token = mfa_code, duration = 28800)
    return sts_response.access_key, sts_response.secret_key, sts_response.session_token
コード例 #23
0
ファイル: layer1.py プロジェクト: 2uinc/boto 
 def _get_session_token(self):
     if self._need_session_token:
         boto.log.debug('Creating new Session Token')
         sts = boto.connect_sts(self._passed_access_key,
                                self._passed_secret_key)
         token = sts.get_session_token()
         self.provider = Provider(self._provider_type,
                                  token.access_key,
                                  token.secret_key,
                                  token.session_token)
     else:
         self.provider = Provider(self._provider_type)
     self._auth_handler.update_provider(self.provider)
コード例 #24
0
ファイル: sts_del_obj.py プロジェクト: jfinken/python 
    def connect_s3(self):
        sts = boto.connect_sts()

        assumed_role = sts.assume_role(self.role_arn, self.session_name)

        print assumed_role
        
        temp_creds = assumed_role.credentials
        access = temp_creds.access_key
        secret = temp_creds.secret_key
        token = temp_creds.session_token

        # create connection to S3
        return boto.connect_s3(aws_access_key_id=access, aws_secret_access_key=secret, security_token=token)
コード例 #25
0
ファイル: layer1.py プロジェクト: djacobs/boto 
 def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
              is_secure=True, port=None, proxy=None, proxy_port=None,
              host=None, debug=0, session_token=None):
     if not host:
         host = self.DefaultHost
     if not session_token:
         self.sts = boto.connect_sts(aws_access_key_id,
                                     aws_secret_access_key)
         session_token = self.sts.get_session_token()
     self.creds = session_token
     AWSAuthConnection.__init__(self, host,
                                self.creds.access_key,
                                self.creds.secret_key,
                                is_secure, port, proxy, proxy_port,
                                debug=debug,
                                security_token=self.creds.session_token)
コード例 #26
0
ファイル: roleRun.py プロジェクト: jeremy-h/cloudtools 
def main(args):
    import logging
    from sys import argv

    log = logging.getLogger(argv[0])
    logging.basicConfig()
    if args['--verbose']:
        log.setLevel(logging.DEBUG)

    import boto

    role_arn = args['--role']

    sts = boto.connect_sts()

    session_name = args['--session'] or "roleRun"

    log.debug("using session name {}".format(session_name))

    role_creds = sts.assume_role(role_arn, "roleRun")

    # just print environment variables
    if args['--env']:
        log.debug("Creating environment args to take into the current shell")
        print("AWS_ACCESS_KEY_ID={} AWS_SECRET_ACCESS_KEY={} AWS_SECURITY_TOKEN={}"
              .format(role_creds.credentials.access_key,
                      role_creds.credentials.secret_key,
                      role_creds.credentials.session_token))

    # run a command
    else:
        from subprocess import call
        from sys import exit
        from os import environ

        log.debug("Adding credentials to the local environment")
        environ['AWS_ACCESS_KEY_ID']=role_creds.credentials.access_key
        environ['AWS_SECRET_ACCESS_KEY']=role_creds.credentials.secret_key
        environ['AWS_SECURITY_TOKEN']=role_creds.credentials.session_token

        command = args['<command>']

        log.debug("executing command '{}'".format( ' '.join(command)))
        exit(call( command ))
コード例 #27
0
ファイル: stsops.py プロジェクト: vasiliykochergin/eutester 
    def setup_sts_connection(
        self,
        endpoint=None,
        region=None,
        aws_access_key_id=None,
        aws_secret_access_key=None,
        path="/",
        port=443,
        is_secure=True,
        boto_debug=0,
    ):
        sts_region = RegionInfo()
        if region:
            self.debug("Check region: " + str(region))
            try:
                if not endpoint:
                    sts_region.endpoint = EC2RegionData[region]
                else:
                    sts_region.endpoint = endpoint
            except KeyError:
                raise Exception("Unknown region: %s" % region)
        else:
            sts_region.name = "eucalyptus"
            if endpoint:
                sts_region.endpoint = endpoint
            else:
                sts_region.endpoint = self.get_sts_ip()

        try:
            sts_connection_args = {
                "aws_access_key_id": aws_access_key_id,
                "aws_secret_access_key": aws_secret_access_key,
                "is_secure": is_secure,
                "debug": boto_debug,
                "port": port,
                "path": path,
                "region": sts_region,
            }
            self.debug("Attempting to create STS connection to " + sts_region.endpoint + ":" + str(port) + path)
            self.tokens = boto.connect_sts(**sts_connection_args)
        except Exception, e:
            self.critical("Was unable to create STS connection because of exception: " + str(e))
コード例 #28
0
def get_creds(aws_access_key_id, aws_secret_access_key, aws_role_arn):
    """Helper method that returns a new AWS config with temp credentials

    Args:
      aws_access_key_id (str): AWS access key id (public)
      aws_secret_access_key (str): AWS secret key (private)
    """
    aws_config = {'aws_access_key_id': aws_access_key_id,
                  "aws_secret_access_key": aws_secret_access_key}
    iam_conn = boto.connect_iam(**aws_config)
    sts_conn = boto.connect_sts(**aws_config)
    username = input('Please provide AWS username: '******'list_mfa_devices_response']
                   ['list_mfa_devices_result']
                   ['mfa_devices'])

    if len(mfa_devices) > 1:
        raise AuthException('Unable to handle a user with multiple MFA devices')

    if len(mfa_devices) == 0:
        raise AuthException('Must have MFA device to get temporary credentials')

    mfa_serial_number = mfa_devices[0]['serial_number']
    mfa_token = input('Please enter your 6 digit MFA token: ')

    assumed_role = sts_conn.assume_role(
        role_arn=aws_role_arn,
        role_session_name='AssumeRoleSessionWithMFA',
        mfa_serial_number=mfa_serial_number,
        mfa_token=mfa_token
    )

    return dict(aws_access_key_id=assumed_role.credentials.access_key,
                aws_secret_access_key=assumed_role.credentials.secret_key,
                aws_security_token=assumed_role.credentials.session_token)
コード例 #29
0
ファイル: auth.py プロジェクト: azavea/cac-tripplanner 
def get_creds(aws_access_key_id, aws_secret_access_key, aws_role_arn):
    """Helper method that returns a new AWS config with temp credentials

    Args:
      aws_access_key_id (str): AWS access key id (public)
      aws_secret_access_key (str): AWS secret key (private)
    """
    aws_config = {'aws_access_key_id': aws_access_key_id,
                  "aws_secret_access_key": aws_secret_access_key}
    iam_conn = boto.connect_iam(**aws_config)
    sts_conn = boto.connect_sts(**aws_config)
    username = raw_input('Please provide AWS username: '******'list_mfa_devices_response']
                   ['list_mfa_devices_result']
                   ['mfa_devices'])

    if len(mfa_devices) > 1:
        raise AuthException('Unable to handle a user with multiple MFA devices')

    if len(mfa_devices) == 0:
        raise AuthException('Must have MFA device to get temporary credentials')

    mfa_serial_number = mfa_devices[0]['serial_number']
    mfa_token = raw_input('Please enter your 6 digit MFA token: ')

    assumed_role = sts_conn.assume_role(
        role_arn=aws_role_arn,
        role_session_name='AssumeRoleSessionWithMFA',
        mfa_serial_number=mfa_serial_number,
        mfa_token=mfa_token
    )

    return dict(aws_access_key_id=assumed_role.credentials.access_key,
                aws_secret_access_key=assumed_role.credentials.secret_key,
                aws_security_token=assumed_role.credentials.session_token)
コード例 #30
0
def get_session_credentials(dataset_name):
    if dataset_name == '':
        return {}
    context = {'model': model, 'session': model.Session,
               'user': c.user or c.author, 'auth_user_obj': c.userobj,
               'save': 'save' in request.params}
    try:
        logic.check_access('package_create', context)
        logic.check_access('package_update', context, {'id': dataset_name})

        sts = boto.connect_sts();
        policy=_get_policy(dataset_name)
        # tok = sts.get_session_token(duration=3600)
        tok = sts.assume_role(config.get('ckanext.s3multipart.s3_role', ''),
                              (c.user+"@"+config.get('ckan.site_id', ''))[:32],
                              policy=policy
                            ).credentials
        return tok.to_dict()
    except boto.exception.NoAuthHandlerFound, e:
        log.error("Amazon AWS credentials not set up for boto. "
                  "Please refer to https://boto.readthedocs.org/en/latest/boto_config_tut.html")
        h.flash_error("Amazon AWS credentials not set up for boto. "
                      "Please refer to https://boto.readthedocs.org/en/latest/boto_config_tut.html")
        return {}
コード例 #31
0
DYNAMO_TABLE_NAME = 'YOUR_TABLE_NAME'
KINESIS_STREAM_NAME = 'YOUR_KINESIS_STREAM_NAME'
ACCOUNT_ID = 'YOUR_ACCOUNT_ID'
IDENTITY_POOL_ID = 'YOUR_IDENTITY_POOL_ID'
ROLE_ARN = 'YOUR_ROLE_ARN'

#################################################
# Instantiate cognito and obtain security token #
#################################################
# Use cognito to get an identity.
cognito = boto.connect_cognito_identity()
cognito_id = cognito.get_id(ACCOUNT_ID, IDENTITY_POOL_ID)
oidc = cognito.get_open_id_token(cognito_id['IdentityId'])

# Further setup your STS using the code below
sts = boto.connect_sts()
assumedRoleObject = sts.assume_role_with_web_identity(ROLE_ARN, "XX", oidc['Token'])

# Connect to dynamoDB and kinesis
client_dynamo = boto.dynamodb2.connect_to_region(
	'us-east-1',
	aws_access_key_id=assumedRoleObject.credentials.access_key,
    aws_secret_access_key=assumedRoleObject.credentials.secret_key,
    security_token=assumedRoleObject.credentials.session_token)

client_kinesis = boto.connect_kinesis(
	aws_access_key_id=assumedRoleObject.credentials.access_key,
	aws_secret_access_key=assumedRoleObject.credentials.secret_key,
	security_token=assumedRoleObject.credentials.session_token)

from boto.dynamodb2.table import Table
コード例 #32
0
 def _get_session_token(self):
     boto.log.debug('Creating new Session Token')
     sts = boto.connect_sts(self._passed_access_key,
                            self._passed_secret_key)
     return sts.get_session_token()
コード例 #33
0
ファイル: __init__.py プロジェクト: ilatvala/eutester 
            self.debug("Attempting to create IAM connection to " +
                       self.get_ec2_ip())
            self.euare = boto.connect_iam(**euare_connection_args)
        except Exception, e:
            self.critical(
                "Was unable to create IAM connection because of exception: " +
                str(e))

        try:
            sts_connection_args = copy.copy(connection_args)
            sts_connection_args['path'] = "/services/Tokens"
            sts_connection_args['region'] = self.region
            ec2_connection_args['api_version'] = APIVersion
            self.debug("Attempting to create STS connection to " +
                       self.get_ec2_ip())
            self.tokens = boto.connect_sts(**sts_connection_args)
        except Exception, e:
            self.critical(
                "Was unable to create STS connection because of exception: " +
                str(e))

    def get_access_key(self):
        """Parse the eucarc for the EC2_ACCESS_KEY"""
        return self.parse_eucarc("EC2_ACCESS_KEY")

    def get_secret_key(self):
        """Parse the eucarc for the EC2_SECRET_KEY"""
        return self.parse_eucarc("EC2_SECRET_KEY")

    def get_account_id(self):
        """Parse the eucarc for the EC2_ACCOUNT_NUMBER"""
コード例 #34
0
ファイル: getCreds.py プロジェクト: rymurr/etcdserver 
import boto

try:
    from secret import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
    TOKEN = None
except:
    try:
        sts = boto.connect_sts()
        ar = sts.assume_role(role_arn="arn:aws:iam::710599580852:role/remote", role_session_name="rymurr")
        AWS_ACCESS_KEY_ID = ar.credentials.access_key
        AWS_SECRET_ACCESS_KEY = ar.credentials.secret_key
        TOKEN = ar.credentials.session_token
    except:
        TOKEN = None
        AWS_ACCESS_KEY_ID = None
        AWS_SECRET_ACCESS_KEY = None

conn = boto.connect_s3(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
bucket = conn.get_bucket('0NK38GF20CCT6VYTBG02'.lower() + '-server')
bucket.get_key('server.key').get_contents_to_filename('server.key')
bucket.get_key('server.crt').get_contents_to_filename('server.crt')
bucket.get_key('myca.crt').get_contents_to_filename('myca.crt')
コード例 #35
0
ファイル: sts_connect.py プロジェクト: JaguarSecurity/SMG 
def connect(account_name, connection_type, **args):
    """

    Examples of use:
    ec2 = sts_connect.connect(environment, 'ec2', region=region, validate_certs=False)
    ec2 = sts_connect.connect(environment, 'ec2', validate_certs=False, debug=1000)
    ec2 = sts_connect.connect(environment, 'ec2')
    where environment is ( test, prod, dev )
    s3  = sts_connect.connect(environment, 's3')
    ses = sts_connect.connect(environment, 'ses')

    :param account: Account to connect with (i.e. test, prod, dev)

    :raises Exception: RDS Region not valid
                       AWS Tech not supported.

    :returns: STS Connection Object for given tech

    :note: To use this method a SecurityMonkey role must be created
            in the target account with full read only privledges.
    """
    account = Account.query.filter(Account.name == account_name).first()
    sts = boto.connect_sts()
    role = sts.assume_role('arn:aws:iam::' + account.number + ':role/SecurityMonkey', 'secmonkey')

    if connection_type == 'ec2':
        return boto.connect_ec2(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'elb':
        if 'region' in args:
            region = args['region']
            del args['region']
        else:
            region = 'us-east-1'

        return boto.ec2.elb.connect_to_region(
            region,
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 's3':
        if 'region' in args:
            region = args['region']
            # drop region key-val pair from args or you'll get an exception
            del args['region']
            return boto.s3.connect_to_region(
                region,
                aws_access_key_id=role.credentials.access_key,
                aws_secret_access_key=role.credentials.secret_key,
                security_token=role.credentials.session_token,
                **args)

        return boto.connect_s3(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'ses':
        return boto.connect_ses(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'iam':
        if 'region' in args:
            region = args['region']
            # drop region key-val pair from args or you'll get an exception
            del args['region']
            return boto.iam.connect_to_region(
                region,
                aws_access_key_id=role.credentials.access_key,
                aws_secret_access_key=role.credentials.secret_key,
                security_token=role.credentials.session_token,
                **args)

        return boto.connect_iam(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'route53':
        return boto.connect_route53(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'sns':
        if 'region' in args:
            region = args['region']
            del args['region']
            return boto.sns.connect_to_region(
                region.name,
                aws_access_key_id=role.credentials.access_key,
                aws_secret_access_key=role.credentials.secret_key,
                security_token=role.credentials.session_token,
                **args)

        return boto.connect_sns(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'sqs':
        if 'region' in args:
            region = args['region']
            del args['region']
            return boto.sqs.connect_to_region(
                region.name,
                aws_access_key_id=role.credentials.access_key,
                aws_secret_access_key=role.credentials.secret_key,
                security_token=role.credentials.session_token,
                **args)

        return boto.connect_sqs(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'vpc':
        return boto.connect_vpc(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'rds':
        if 'region' in args:
            reg = args['region']
            rds_region = None
            for boto_region in boto.rds.regions():
                if reg.name == boto_region.name:
                    rds_region = boto_region

            if rds_region is None:
                raise Exception('The supplied region {0} is not in boto.rds.regions. {1}'.format(reg, boto.rds.regions()))

        return boto.connect_rds(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    err_msg = 'The connection_type supplied (%s) is not implemented.' % connection_type
    raise Exception(err_msg)
コード例 #36
0
import hashlib
import argparse

parser = argparse.ArgumentParser(description="outputs security configuration of an AWS account")
parser.add_argument("-a", "--access_key_id", required=True, help="access key id")
parser.add_argument("-k", "--secret_access_key", required=True, help="secret access key")
parser.add_argument("-t", "--security_token", help="security token (for use with temporary security credentials)")
parser.add_argument("-r", "--role", help="role to assume")
parser.add_argument("-v", "--verbose", action="store_true", help="enable verbose mode")
parser.add_argument("-d", "--debug", action="store_true", help="enable debug mode")

args = parser.parse_args()
access_key_id = args.access_key_id
secret_access_key = args.secret_access_key
security_token = args.security_token
sts = boto.connect_sts(access_key_id, secret_access_key)

if args.role:
    assumed_role = sts.assume_role(args.role, "SecAudit")
    access_key_id = assumed_role.credentials.access_key
    secret_access_key = assumed_role.credentials.secret_key
    security_token = assumed_role.credentials.session_token


def debug(str):
    if args.debug:
        print str


def verbose(str):
    if args.verbose or args.debug:
コード例 #37
0
ファイル: SecConfig.py プロジェクト: jyotibhanot30/scripts 
    help='security token (for use with temporary security credentials)')
parser.add_argument('-r', '--role', help='role to assume')
parser.add_argument('-v',
                    '--verbose',
                    action="store_true",
                    help='enable verbose mode')
parser.add_argument('-d',
                    '--debug',
                    action="store_true",
                    help='enable debug mode')

args = parser.parse_args()
access_key_id = args.access_key_id
secret_access_key = args.secret_access_key
security_token = args.security_token
sts = boto.connect_sts(access_key_id, secret_access_key)

if args.role:
    assumed_role = sts.assume_role(args.role, "SecAudit")
    access_key_id = assumed_role.credentials.access_key
    secret_access_key = assumed_role.credentials.secret_key
    security_token = assumed_role.credentials.session_token


def debug(str):
    if args.debug:
        print str


def verbose(str):
    if args.verbose or args.debug:
コード例 #38
0
import boto
from boto.s3.connection import S3Connection
from boto.sts import STSConnection
import getopt, sys

if (len(sys.argv) <> 6):
    print 'Usage ' + sys.argv[0] + ' access_key secret_key mfa_serial_number mfa_token duration'
    exit(1)

access_key = sys.argv[1]
secret_key = sys.argv[2]
mfa_serial_number = sys.argv[3]
mfa_token = sys.argv[4]
duration = sys.argv[5]

sts = boto.connect_sts(access_key, secret_key)

token = sts.get_session_token(duration = 3600, force_new = True, mfa_serial_number = mfa_serial_number, mfa_token = mfa_token)
print('export AWS_ACCESS_KEY_ID=' + token.access_key )
print('export AWS_SECRET_ACCESS_KEY=' + token.secret_key )
print('export AWS_SECURITY_TOKEN=' + token.session_token )
コード例 #39
0
def connect(account_name, connection_type, **args):
    """

    Examples of use:
    ec2 = sts_connect.connect(environment, 'ec2', region=region, validate_certs=False)
    ec2 = sts_connect.connect(environment, 'ec2', validate_certs=False, debug=1000)
    ec2 = sts_connect.connect(environment, 'ec2')
    where environment is ( test, prod, dev )
    s3  = sts_connect.connect(environment, 's3')
    ses = sts_connect.connect(environment, 'ses')

    :param account: Account to connect with (i.e. test, prod, dev)

    :raises Exception: RDS Region not valid
                       AWS Tech not supported.

    :returns: STS Connection Object for given tech

    :note: To use this method a SecurityMonkey role must be created
            in the target account with full read only privledges.
    """
    account = Account.query.filter(Account.name == account_name).first()
    sts = boto.connect_sts()
    role = sts.assume_role(
        'arn:aws:iam::' + account.number + ':role/SecurityMonkey', 'secmonkey')

    if connection_type == 'ec2':
        return boto.connect_ec2(role.credentials.access_key,
                                role.credentials.secret_key,
                                security_token=role.credentials.session_token,
                                **args)

    if connection_type == 'elb':
        if 'region' in args:
            region = args['region']
            del args['region']
        else:
            region = 'us-east-1'

        return boto.ec2.elb.connect_to_region(
            region,
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 's3':
        if 'region' in args:
            region = args['region']
            # drop region key-val pair from args or you'll get an exception
            del args['region']
            return boto.s3.connect_to_region(
                region,
                aws_access_key_id=role.credentials.access_key,
                aws_secret_access_key=role.credentials.secret_key,
                security_token=role.credentials.session_token,
                **args)

        return boto.connect_s3(role.credentials.access_key,
                               role.credentials.secret_key,
                               security_token=role.credentials.session_token,
                               **args)

    if connection_type == 'ses':
        return boto.connect_ses(role.credentials.access_key,
                                role.credentials.secret_key,
                                security_token=role.credentials.session_token,
                                **args)

    if connection_type == 'iam':
        if 'region' in args:
            region = args['region']
            # drop region key-val pair from args or you'll get an exception
            del args['region']
            return boto.iam.connect_to_region(
                region,
                aws_access_key_id=role.credentials.access_key,
                aws_secret_access_key=role.credentials.secret_key,
                security_token=role.credentials.session_token,
                **args)

        return boto.connect_iam(role.credentials.access_key,
                                role.credentials.secret_key,
                                security_token=role.credentials.session_token,
                                **args)

    if connection_type == 'route53':
        return boto.connect_route53(
            role.credentials.access_key,
            role.credentials.secret_key,
            security_token=role.credentials.session_token,
            **args)

    if connection_type == 'sns':
        if 'region' in args:
            region = args['region']
            del args['region']
            return boto.sns.connect_to_region(
                region.name,
                aws_access_key_id=role.credentials.access_key,
                aws_secret_access_key=role.credentials.secret_key,
                security_token=role.credentials.session_token,
                **args)

        return boto.connect_sns(role.credentials.access_key,
                                role.credentials.secret_key,
                                security_token=role.credentials.session_token,
                                **args)

    if connection_type == 'sqs':
        if 'region' in args:
            region = args['region']
            del args['region']
            return boto.sqs.connect_to_region(
                region.name,
                aws_access_key_id=role.credentials.access_key,
                aws_secret_access_key=role.credentials.secret_key,
                security_token=role.credentials.session_token,
                **args)

        return boto.connect_sqs(role.credentials.access_key,
                                role.credentials.secret_key,
                                security_token=role.credentials.session_token,
                                **args)

    if connection_type == 'vpc':
        return boto.connect_vpc(role.credentials.access_key,
                                role.credentials.secret_key,
                                security_token=role.credentials.session_token,
                                **args)

    if connection_type == 'rds':
        if 'region' in args:
            reg = args['region']
            rds_region = None
            for boto_region in boto.rds.regions():
                if reg.name == boto_region.name:
                    rds_region = boto_region

            if rds_region is None:
                raise Exception(
                    'The supplied region {0} is not in boto.rds.regions. {1}'.
                    format(reg, boto.rds.regions()))

        return boto.connect_rds(role.credentials.access_key,
                                role.credentials.secret_key,
                                security_token=role.credentials.session_token,
                                **args)

    err_msg = 'The connection_type supplied (%s) is not implemented.' % connection_type
    raise Exception(err_msg)
コード例 #40
0
ファイル: __init__.py プロジェクト: nelsonc/eutester 
                aws_secret_access_key=aws_secret_access_key,
                is_secure=False,
                host=self.get_ec2_ip(),
                port=8773,
                path="/services/Euare",
                debug=self.boto_debug)
        except Exception, e:
            self.critical(
                "Was unable to create IAM connection because of exception: " +
                str(e))

        try:
            self.tokens = boto.connect_sts(
                aws_access_key_id=aws_access_key_id,
                aws_secret_access_key=aws_secret_access_key,
                region=self.region,
                port=8773,
                path="/services/Tokens",
                is_secure=False,
                debug=self.boto_debug)

        except Exception, e:
            self.critical(
                "Was unable to create STS connection because of exception: " +
                str(e))

    def get_access_key(self):
        """Parse the eucarc for the EC2_ACCESS_KEY"""
        return self.parse_eucarc("EC2_ACCESS_KEY")

    def get_secret_key(self):
        """Parse the eucarc for the EC2_SECRET_KEY"""
コード例 #41
0
ファイル: __init__.py プロジェクト: nelsonc/eutester 
                aws_secret_access_key=aws_secret_access_key,
                is_secure=False,
                host=self.get_ec2_ip(),
                port=8773,
                path="/services/Euare",
                debug=self.boto_debug,
            )
        except Exception, e:
            self.critical("Was unable to create IAM connection because of exception: " + str(e))

        try:
            self.tokens = boto.connect_sts(
                aws_access_key_id=aws_access_key_id,
                aws_secret_access_key=aws_secret_access_key,
                region=self.region,
                port=8773,
                path="/services/Tokens",
                is_secure=False,
                debug=self.boto_debug,
            )

        except Exception, e:
            self.critical("Was unable to create STS connection because of exception: " + str(e))

    def get_access_key(self):
        """Parse the eucarc for the EC2_ACCESS_KEY"""
        return self.parse_eucarc("EC2_ACCESS_KEY")

    def get_secret_key(self):
        """Parse the eucarc for the EC2_SECRET_KEY"""
        return self.parse_eucarc("EC2_SECRET_KEY")
コード例 #42
0
ファイル: __init__.py プロジェクト: PaulWeiss/eutester 
        try:
            euare_connection_args = copy.copy(connection_args)
            euare_connection_args['path'] = "/services/Euare"
            euare_connection_args['host'] = self.get_ec2_ip()
            self.debug("Attempting to create IAM connection to " + self.get_ec2_ip())
            self.euare = boto.connect_iam(**euare_connection_args)
        except Exception, e:
            self.critical("Was unable to create IAM connection because of exception: " + str(e))

        try:
            sts_connection_args = copy.copy(connection_args)
            sts_connection_args['path'] = "/services/Tokens"
            sts_connection_args['region'] = self.region
            ec2_connection_args['api_version'] = APIVersion
            self.debug("Attempting to create STS connection to " + self.get_ec2_ip())
            self.tokens = boto.connect_sts(**sts_connection_args)
        except Exception, e:
            self.critical("Was unable to create STS connection because of exception: " + str(e))

    def get_access_key(self):
        """Parse the eucarc for the EC2_ACCESS_KEY"""
        return self.parse_eucarc("EC2_ACCESS_KEY")   
    
    def get_secret_key(self):
        """Parse the eucarc for the EC2_SECRET_KEY"""
        return self.parse_eucarc("EC2_SECRET_KEY")
    
    def get_account_id(self):
        """Parse the eucarc for the EC2_ACCOUNT_NUMBER"""
        return self.parse_eucarc("EC2_ACCOUNT_NUMBER")
コード例 #43
0
def connect(account_name, connection_type, **args):
    """

    Examples of use:
    ec2 = sts_connect.connect(environment, 'ec2', region=region, validate_certs=False)
    ec2 = sts_connect.connect(environment, 'ec2', validate_certs=False, debug=1000)
    ec2 = sts_connect.connect(environment, 'ec2')
    where environment is ( test, prod, dev )
    s3  = sts_connect.connect(environment, 's3')
    ses = sts_connect.connect(environment, 'ses')

    :param account: Account to connect with (i.e. test, prod, dev)

    :raises Exception: RDS Region not valid
                       AWS Tech not supported.

    :returns: STS Connection Object for given tech

    :note: To use this method a SecurityMonkey role must be created
            in the target account with full read only privileges.
    """
    account = Account.query.filter(Account.name == account_name).first()
    sts = boto.connect_sts()
    role_name = 'SecurityMonkey'
    if account.role_name and account.role_name != '':
        role_name = account.role_name
    role = sts.assume_role(
        'arn:aws:iam::' + account.number + ':role/' + role_name, 'secmonkey')

    if connection_type == 'botocore':
        botocore_session = botocore.session.get_session()
        botocore_session.set_credentials(role.credentials.access_key,
                                         role.credentials.secret_key,
                                         token=role.credentials.session_token)
        return botocore_session

    region = 'us-east-1'
    if 'region' in args:
        region = args.pop('region')
        if hasattr(region, 'name'):
            region = region.name

    if 'boto3' in connection_type:
        # Should be called in this format: boto3.iam.client
        _, tech, api = connection_type.split('.')
        session = boto3.Session(
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            aws_session_token=role.credentials.session_token,
            region_name=region)
        if api == 'resource':
            return session.resource(tech)
        return session.client(tech)

    module = __import__("boto.{}".format(connection_type))
    for subm in connection_type.split('.'):
        module = getattr(module, subm)

    return module.connect_to_region(
        region,
        aws_access_key_id=role.credentials.access_key,
        aws_secret_access_key=role.credentials.secret_key,
        security_token=role.credentials.session_token)
コード例 #44
0
ファイル: layer1.py プロジェクト: evanworley/boto 
 def _get_session_token(self):
     boto.log.debug('Creating new Session Token')
     sts = boto.connect_sts(self._passed_access_key,
                            self._passed_secret_key)
     return sts.get_session_token()
コード例 #45
0
class dynamoMethods:
    def __init__(self, dbName):
        self.table_dynamo = None
        ####################################################################
        # YOUR CODE HERE
        try:
            #1. create new table
            self.table_dynamo = #HINT: Table.create; #HINT 2: Use CUID as your hashkey
            print "New Table Created"
        except Exception as e:
            #2.table already exists, so get the table
            self.table_dynamo = #HINT: Remember to use "connection=client.dynamo"
            print "Table Already Exists"
        ####################################################################

    def dynamoAdd(self, cuid, name, password):
        ####################################################################
        # YOUR CODE HERE
        #1. Check table for entries that have the same CUID, if so, UPDATE (Don't delete)
        #2. Otherwise, create a new entry
        print "New entry created.\n"
        ####################################################################

    def dynamoDelete(self, cuid):
        ####################################################################
        # YOUR CODE HERE
        #1. Check table for entries that have the same CUID, if so, DELETE
        ####################################################################

    def dynamoViewAll(self):
        ####################################################################
        string_db = "CUID: NAME\n"
        print string_db
        #1. Get all entries in the table
        #2. Print the CUID: NAME for each entry
        ####################################################################
        

####################################################################
# DON'T MODIFY BELOW HERE -----------------------------------------#
####################################################################




cognito = boto.connect_cognito_identity()
cognito_id = cognito.get_id(ACCOUNT_ID, IDENTITY_POOL_ID)
oidc = cognito.get_open_id_token(cognito_id['IdentityId'])

sts = boto.connect_sts()
assumedRoleObject = sts.assume_role_with_web_identity(ROLE_ARN, "XX", oidc['Token'])

client_dynamo = boto.dynamodb2.connect_to_region(
        'us-east-1',
        aws_access_key_id=assumedRoleObject.credentials.access_key,
        aws_secret_access_key=assumedRoleObject.credentials.secret_key,
        security_token=assumedRoleObject.credentials.session_token)

DB = dynamoMethods(DYNAMO_TABLE_NAME)

state = 0
input_cuid = None
input_name = None
input_password = None

def get_prompt(state_var):
    if state_var == 0:
        return "Choose an option.\n1. Add to DB\n2. Delete from DB\n3. ViewDB\n"
    elif state_var == 1:
        return "Enter CUID to add: "
    elif state_var == 2:
        return "Enter name to add: "
    elif state_var == 3:
        return "Enter password: "******"Enter CUID to delete: "
    else:
        return "Bad command..."

try:
    while True:
        prompt = get_prompt(state)
        ans = raw_input(prompt)

        if state == 0:
            if ans == "1":
                state = 1
            elif ans == "2":
                state = 4
            elif ans == "3":
                state = 0
                DB.dynamoViewAll()
            else:
                print "Unsupported command.\n"
        elif state == 1:
            state = 2
            input_cuid = ans
        elif state == 2:
            state = 3
            input_name = ans
        elif state == 3:
            state = 0
            input_password = ans
            DB.dynamoAdd(input_cuid, input_name, input_password)
        elif state == 4:
            state = 0
            input_cuid = ans
            DB.dynamoDelete(input_cuid)
        else:
            state = 0
            print "Something is wrong."
except KeyboardInterrupt:
    exit
コード例 #46
0
def connect(account_name, connection_type, **args):
    """

    Examples of use:
    ec2 = sts_connect.connect(environment, 'ec2', region=region, validate_certs=False)
    ec2 = sts_connect.connect(environment, 'ec2', validate_certs=False, debug=1000)
    ec2 = sts_connect.connect(environment, 'ec2')
    where environment is ( test, prod, dev )
    s3  = sts_connect.connect(environment, 's3')
    ses = sts_connect.connect(environment, 'ses')

    :param account: Account to connect with (i.e. test, prod, dev)

    :raises Exception: RDS Region not valid
                       AWS Tech not supported.

    :returns: STS Connection Object for given tech

    :note: To use this method a SecurityMonkey role must be created
            in the target account with full read only privileges.
    """
    account = Account.query.filter(Account.name == account_name).first()
    sts = boto.connect_sts()
    role_name = 'SecurityMonkey'
    if account.role_name and account.role_name != '':
        role_name = account.role_name
    role = sts.assume_role('arn:aws:iam::' + account.number + ':role/' + role_name, 'secmonkey')

    if connection_type == 'botocore':
        botocore_session = botocore.session.get_session()
        botocore_session.set_credentials(
            role.credentials.access_key,
            role.credentials.secret_key,
            token=role.credentials.session_token
        )
        return botocore_session

    if connection_type == 'iam_boto3':
        session = boto3.Session(
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            aws_session_token=role.credentials.session_token
        )
        return session.resource('iam')

    region = 'us-east-1'
    if args.has_key('region'):
        region = args.pop('region')
        if hasattr(region, 'name'):
            region = region.name

    # ElasticSearch Service:
    if connection_type == 'es':
        session = boto3.Session(
            aws_access_key_id=role.credentials.access_key,
            aws_secret_access_key=role.credentials.secret_key,
            aws_session_token=role.credentials.session_token,
            region_name=region
        )
        return session.client('es')

    module = __import__("boto.{}".format(connection_type))
    for subm in connection_type.split('.'):
        module = getattr(module, subm)

    return module.connect_to_region(
        region,
        aws_access_key_id=role.credentials.access_key,
        aws_secret_access_key=role.credentials.secret_key,
        security_token=role.credentials.session_token
    )
コード例 #47
0
#!/usr/bin/python2.7

"""
- Author : Nag m
- Hack   : Use STS to connect to a different AWS Account and delete objects
- Info   : Use STS to connect to a different AWS Account and delete objects
            * 101-s3-aws
"""

import boto
from boto.s3.connection import OrdinaryCallingFormat

def del(name):
   bucket = s3conn.get_bucket(name)
   for obj in bucket.list():
       print " Deleting ... ", obj.name, obj.delete()

if __name__ == "__main__":
   account = "1222222222222"
   role = 'arn:aws:iam::' + account + ':role/Role1'
   stsconn = boto.connect_sts()
   c = stsconn.assume_role(role, 'rolename')
   s3conn = boto.connect_s3(c.credentials.access_key, c.credentials.secret_key, security_token=c.credentials.session_token,calling_format=OrdinaryCallingFormat(),host='s3-us-west-2.amazonaws.com')
   bucketname = "us-west-2.test.test"
   del(bucketname)
コード例 #48
0
ファイル: aws_url.py プロジェクト: xidianzhouya/learngit 
import urllib, json
import requests # 'pip install requests'
import boto
import boto3
import time

# Step 1: Authenticate user in your own identity system.


aws_root_iam = boto.connect_iam(aws_access_key_id=AWS_ROOT_CREDENTIALS['AWS_ACCESS_KEY_ID'],
                                aws_secret_access_key=AWS_ROOT_CREDENTIALS['AWS_SECRET_ACCESS_KEY'])

aws_root_sts = boto.connect_sts(aws_access_key_id=AWS_ROOT_CREDENTIALS['AWS_ACCESS_KEY_ID'],
                                aws_secret_access_key=AWS_ROOT_CREDENTIALS['AWS_SECRET_ACCESS_KEY'])

import pdb;pdb.set_trace()
# def get_sso_user_name():

#     for user in aws_root_iam.get_all_users().get('list_users_response').get('list_users_result').get('users'):
#         if user.get('user_name').startswith("Easy_Sso"):
#             return user.get('user_name')


# Sso_User_Role_Name = "Easy_Sso" + time.strftime("@%Y-%m-%d-%H-%M-%S", time.localtime())

# aws_root_iam.create_user(Sso_User_Role_Name)

# aws_root_iam.attach_user_policy(policy_arn='arn:aws:iam::aws:policy/AdministratorAccess',user_name=Sso_User_Role_Name)

aws_root_iam.get_all_access_keys('test')