How to use the awsume.awsumepy.lib.aws.assume_role function in awsume

To help you get started, we’ve selected a few awsume examples, based on popular ways it is used in public projects.


github trek10inc / awsume / awsume / awsumepy / default_plugins.py View on Github external
else:
            logger.debug('Using default role duration')
            if mfa_serial:
                logger.debug('MFA required')
                source_session = aws_lib.get_session_token(
                    source_credentials,
                    region=profile_lib.get_region(profiles, arguments, config),
                    mfa_serial=mfa_serial,
                    mfa_token=arguments.mfa_token,
                    ignore_cache=arguments.force_refresh,
                    duration_seconds=config.get('debug', {}).get('session_token_duration'),
                )
            else:
                logger.debug('MFA not required')
                source_session = source_credentials
            role_session = aws_lib.assume_role(
                source_session,
                arguments.role_arn,
                session_name,
                region=region,
                external_id=arguments.external_id,
                role_duration=role_duration,
            )
    return role_session
github trek10inc / awsume / awsume / awsumepy / default_plugins.py View on Github external
logger.debug('Using current credentials to assume role')
        role_session = aws_lib.assume_role({}, arguments.role_arn, session_name, region=region, external_id=arguments.external_id, role_duration=role_duration)
    else:
        logger.debug('Using the source_profile from the cli to call assume_role')
        source_profile = profiles.get(arguments.source_profile)
        if not source_profile:
            raise exceptions.ProfileNotFoundError(profile_name=arguments.source_profile)
        source_credentials = profile_lib.profile_to_credentials(source_profile)
        mfa_serial = source_profile.get('mfa_serial')
        if role_duration:
            logger.debug('Using custom role duration')
            if mfa_serial:
                logger.debug('Requires MFA')
                logger.debug('Using custom role duration for role that needs mfa_serial, skipping get-session-token call')
                source_session = source_credentials
                role_session = aws_lib.assume_role(
                    source_session,
                    arguments.role_arn,
                    session_name,
                    region=region,
                    external_id=arguments.external_id,
                    role_duration=role_duration,
                    mfa_serial=mfa_serial,
                    mfa_token=arguments.mfa_token,
                )
            else:
                logger.debug('MFA not needed, assuming role from with profile creds')
                role_session = aws_lib.assume_role(
                    source_credentials,
                    arguments.role_arn,
                    session_name,
                    region=region,
github trek10inc / awsume / awsume / awsumepy / default_plugins.py View on Github external
def get_assume_role_credentials_mfa_required_large_custom_duration(config: dict, arguments: argparse.Namespace, profiles: dict, target_profile: dict, role_duration: int):
    """Assume the target profile's role, presenting MFA on the assume_role call itself.

    No get_session_token call is made on this path: the credentials built from
    the source profile are handed straight to ``aws_lib.assume_role`` together
    with the MFA serial and the one-time code from ``arguments.mfa_token``.

    Args:
        config: awsume configuration; only forwarded to the region lookup here.
        arguments: parsed CLI arguments. Reads ``auto_refresh``,
            ``target_profile_name``, ``session_name`` and ``mfa_token``.
        profiles: all known profiles, used to resolve the region, the MFA
            serial and the source profile.
        target_profile: the profile whose ``role_arn`` is assumed.
        role_duration: requested role session duration, in seconds.

    Returns:
        Whatever ``aws_lib.assume_role`` returns (presumably the temporary
        role credentials; confirm against aws_lib before logging or caching it).

    Raises:
        exceptions.ValidationException: auto refresh was requested together
            with a duration above 3600 seconds.
    """
    # Refuse the unsupported combination before any profile lookup or AWS call.
    if arguments.auto_refresh:
        if role_duration > 3600:
            raise exceptions.ValidationException('Cannot use autoawsume with custom role duration of more than 1 hour')
    logger.debug('Skipping the get_session_token call, temp creds cannot be used for custom role duration')

    # Lookups stay in the original order; any of them may raise.
    region = profile_lib.get_region(profiles, arguments, config)
    mfa_serial = profile_lib.get_mfa_serial(profiles, arguments.target_profile_name)
    external_id = profile_lib.get_external_id(arguments, target_profile)
    base_profile = profile_lib.get_source_profile(profiles, arguments.target_profile_name)
    base_credentials = profile_lib.profile_to_credentials(base_profile)

    # The MFA serial and one-time code travel with the assume_role request, so
    # the source credentials are used as-is. Keep mfa_token out of log output.
    assume_options = {
        'region': region,
        'external_id': external_id,
        'role_duration': role_duration,
        'mfa_serial': mfa_serial,
        'mfa_token': arguments.mfa_token,
    }
    return aws_lib.assume_role(
        base_credentials,
        target_profile.get('role_arn'),
        # Session name falls back to the profile name when none was given.
        arguments.session_name or arguments.target_profile_name,
        **assume_options,
    )
github trek10inc / awsume / awsume / awsumepy / default_plugins.py View on Github external
def get_assume_role_credentials(config: dict, arguments: argparse.Namespace, profiles: dict, target_profile: dict, role_duration: int):
    """Assume the target profile's role from its source profile, without MFA.

    This path passes no ``mfa_serial`` or ``mfa_token`` to
    ``aws_lib.assume_role``, and makes no get_session_token call.

    Args:
        config: awsume configuration; only forwarded to the region lookup here.
        arguments: parsed CLI arguments. Reads ``target_profile_name`` and
            ``session_name``.
        profiles: all known profiles, used to resolve the region and the
            source profile.
        target_profile: the profile whose ``role_arn`` is assumed.
        role_duration: requested role session duration, forwarded unchanged.

    Returns:
        Whatever ``aws_lib.assume_role`` returns (presumably the temporary
        role credentials; confirm against aws_lib before logging or caching it).
    """
    # Lookups stay in the original order; any of them may raise.
    region = profile_lib.get_region(profiles, arguments, config)
    external_id = profile_lib.get_external_id(arguments, target_profile)
    base_profile = profile_lib.get_source_profile(profiles, arguments.target_profile_name)
    base_credentials = profile_lib.profile_to_credentials(base_profile)

    assume_options = {
        'region': region,
        'external_id': external_id,
        'role_duration': role_duration,
    }
    return aws_lib.assume_role(
        base_credentials,
        target_profile.get('role_arn'),
        # Session name falls back to the profile name when none was given.
        arguments.session_name or arguments.target_profile_name,
        **assume_options,
    )
github trek10inc / awsume / awsume / awsumepy / default_plugins.py View on Github external
def assume_role_from_cli(config: dict, arguments: dict, profiles: dict):
    region = profile_lib.get_region(profiles, arguments, config, ignore_config=True, ignore_default=True)
    logger.info('Using role_arn from the CLI')
    role_duration = arguments.role_duration or int(config.get('role-duration', 0))
    session_name = arguments.session_name or 'awsume-cli-role'
    logger.debug('Session name: {}'.format(session_name))
    if not arguments.source_profile:
        logger.debug('Using current credentials to assume role')
        role_session = aws_lib.assume_role({}, arguments.role_arn, session_name, region=region, external_id=arguments.external_id, role_duration=role_duration)
    else:
        logger.debug('Using the source_profile from the cli to call assume_role')
        source_profile = profiles.get(arguments.source_profile)
        if not source_profile:
            raise exceptions.ProfileNotFoundError(profile_name=arguments.source_profile)
        source_credentials = profile_lib.profile_to_credentials(source_profile)
        mfa_serial = source_profile.get('mfa_serial')
        if role_duration:
            logger.debug('Using custom role duration')
            if mfa_serial:
                logger.debug('Requires MFA')
                logger.debug('Using custom role duration for role that needs mfa_serial, skipping get-session-token call')
                source_session = source_credentials
                role_session = aws_lib.assume_role(
                    source_session,
                    arguments.role_arn,
github trek10inc / awsume / awsume / awsumepy / default_plugins.py View on Github external
source_credentials,
            region=region,
            mfa_serial=mfa_serial,
            mfa_token=arguments.mfa_token,
            ignore_cache=arguments.force_refresh,
            duration_seconds=config.get('debug', {}).get('session_token_duration'),
        )
    elif target_profile.get('credential_source') == 'Environment':
        logger.debug('Using current environment to assume role')
        source_session = {}

    if arguments.auto_refresh and os.environ.get('AWS_PROFILE', '').startswith('autoawsume-'):
        os.environ.pop('AWS_PROFILE')
        os.environ.pop('AWS_DEFAULT_PROFILE')

    role_session = aws_lib.assume_role(
        source_session,
        target_profile.get('role_arn'),
        arguments.session_name or arguments.target_profile_name,
        region=region,
        external_id=external_id,
        role_duration=role_duration,
    )
    if arguments.auto_refresh:
        create_autoawsume_profile(config, arguments, role_session, source_session)
        kill_autoawsume()
    return source_session, role_session