def get_assume_role_credentials(role_arn):
sts_client = boto3.client('sts')
try:
assume_role_response = sts_client.assume_role(RoleArn=role_arn,
RoleSessionName="configLambdaExecution",
DurationSeconds=CONFIG_ROLE_TIMEOUT_SECONDS)
if 'liblogging' in sys.modules:
liblogging.logSession(role_arn, assume_role_response)
return assume_role_response['Credentials']
except botocore.exceptions.ClientError as ex:
# Scrub error message for any internal account info leaks
print(str(ex))
if 'AccessDenied' in ex.response['Error']['Code']:
ex.response['Error']['Message'] = "AWS Config does not have permission to assume the IAM role."
else:
ex.response['Error']['Message'] = "InternalError"
ex.response['Error']['Code'] = "InternalError"
raise ex
def get_assume_role_credentials(role_arn, region=None):
sts_client = boto3.client("sts", region)
try:
assume_role_response = sts_client.assume_role(
RoleArn=role_arn,
RoleSessionName="configLambdaExecution",
DurationSeconds=CONFIG_ROLE_TIMEOUT_SECONDS,
)
if "liblogging" in sys.modules:
liblogging.logSession(role_arn, assume_role_response)
return assume_role_response["Credentials"]
except botocore.exceptions.ClientError as ex:
# Scrub error message for any internal account info leaks
print(str(ex))
if "AccessDenied" in ex.response["Error"]["Code"]:
ex.response["Error"][
"Message"] = "AWS Config does not have permission to assume the IAM role."
else:
ex.response["Error"]["Message"] = "InternalError"
ex.response["Error"]["Code"] = "InternalError"
raise ex
