def test_assume_role_in_account():
role_name = 'myrole'
account_id = '123456789012'
credentials = utils.assume_role_in_account(account_id, role_name)
assert 'aws_access_key_id' in credentials
assert 'aws_secret_access_key' in credentials
assert 'aws_session_token' in credentials
def _get_org_client(self):
""" Returns a boto3 client for Organizations object """
message = {
'FILE': __file__.split('/')[-1],
'CLASS': self.__class__.__name__,
'METHOD': inspect.stack()[0][3],
}
self.logger.info(message)
try:
credentials = utils.assume_role_in_account(
self.master_account_id,
self.access_role,
)
except ClientError as e: # pragma: no cover
errmsg = 'cannot assume role {} in account {}: {}'.format(
self.access_role,
self.master_account_id,
e.response['Error']['Code'],
)
sys.exit(errmsg)
client_config = botocore.config.Config(
# see https://github.com/boto/botocore/issues/619
# the default is 10
max_pool_connections=10
)
return boto3.client('organizations', config=client_config, **credentials)
def _get_org_client(self):
""" Returns a boto3 client for Organizations object """
try:
credentials = utils.assume_role_in_account(
self.master_account_id,
self.access_role,
)
except ClientError as e: # pragma: no cover
errmsg = 'cannot assume role {} in account {}: {}'.format(
self.access_role,
self.master_account_id,
e.response['Error']['Code'],
)
sys.exit(errmsg)
return boto3.client('organizations', **credentials)
def load_credentials(self, access_role):
if self.status == 'ACTIVE':
self.credentials = utils.assume_role_in_account(self.id, access_role)
def load_credentials(self, access_role):
self.credentials = utils.assume_role_in_account(self.id, access_role)