How to use the awsume.awsumepy.lib.profile function in awsume
To help you get started, we’ve selected a few awsume examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
trek10inc / awsume / awsume / awsumepy / default_plugins.py View on Github 
def post_collect_aws_profiles(config: dict, arguments: argparse.Namespace, profiles: dict):
logger.debug('Post collect AWS profiles')
if arguments.list_profiles:
logger.debug('Listing profiles')
profile_lib.list_profile_data(profiles, arguments.list_profiles == 'more')
raise exceptions.EarlyExit()def get_session_token_credentials(config: dict, arguments: argparse.Namespace, profiles: dict, target_profile: dict):
region = profile_lib.get_region(profiles, arguments, config)
mfa_serial = profile_lib.get_mfa_serial(profiles, arguments.target_profile_name)
source_credentials = profile_lib.profile_to_credentials(target_profile)
user_session = aws_lib.get_session_token(
source_credentials,
region=region,
mfa_serial=mfa_serial,
mfa_token=arguments.mfa_token,
ignore_cache=arguments.force_refresh,
duration_seconds=config.get('debug', {}).get('session_token_duration'),
)
return user_sessionlogger.debug('MFA not needed, assuming role from with profile creds')
role_session = aws_lib.assume_role(
source_credentials,
arguments.role_arn,
session_name,
region=region,
external_id=arguments.external_id,
role_duration=role_duration,
)
else:
logger.debug('Using default role duration')
if mfa_serial:
logger.debug('MFA required')
source_session = aws_lib.get_session_token(
source_credentials,
region=profile_lib.get_region(profiles, arguments, config),
mfa_serial=mfa_serial,
mfa_token=arguments.mfa_token,
ignore_cache=arguments.force_refresh,
duration_seconds=config.get('debug', {}).get('session_token_duration'),
)
else:
logger.debug('MFA not required')
source_session = source_credentials
role_session = aws_lib.assume_role(
source_session,
arguments.role_arn,
session_name,
region=region,
external_id=arguments.external_id,
role_duration=role_duration,
)try:
boto_session = boto3.session.Session(
aws_access_key_id=source_credentials.get('AccessKeyId'),
aws_secret_access_key=source_credentials.get('SecretAccessKey'),
aws_session_token=source_credentials.get('SessionToken'),
region_name=region,
)
role_sts_client = boto_session.client('sts') # type: botostubs.STS
kwargs = { 'RoleSessionName': session_name, 'RoleArn': role_arn }
if external_id:
kwargs['ExternalId'] = external_id
if role_duration:
kwargs['DurationSeconds'] = int(role_duration)
if mfa_serial:
kwargs['SerialNumber'] = mfa_serial
kwargs['TokenCode'] = mfa_token or profile_lib.get_mfa_token()
logger.debug('Assuming role now')
role_session = role_sts_client.assume_role(**kwargs).get('Credentials')
logger.debug('Received role credentials')
role_session['Expiration'] = role_session['Expiration'].astimezone(dateutil.tz.tzlocal())
role_session['Region'] = region or boto_session.region_name
except Exception as e:
raise RoleAuthenticationError(str(e))
logger.debug('Role credentials received')
return role_sessiondef get_assume_role_credentials_mfa_required_large_custom_duration(config: dict, arguments: argparse.Namespace, profiles: dict, target_profile: dict, role_duration: int):
if arguments.auto_refresh and role_duration > 3600:
raise exceptions.ValidationException('Cannot use autoawsume with custom role duration of more than 1 hour')
logger.debug('Skipping the get_session_token call, temp creds cannot be used for custom role duration')
region = profile_lib.get_region(profiles, arguments, config)
mfa_serial = profile_lib.get_mfa_serial(profiles, arguments.target_profile_name)
external_id = profile_lib.get_external_id(arguments, target_profile)
source_profile = profile_lib.get_source_profile(profiles, arguments.target_profile_name)
source_session = profile_lib.profile_to_credentials(source_profile)
role_session = aws_lib.assume_role(
source_session,
target_profile.get('role_arn'),
arguments.session_name or arguments.target_profile_name,
region=region,
external_id=external_id,
role_duration=role_duration,
mfa_serial=mfa_serial,
mfa_token=arguments.mfa_token,
)
return role_sessiondef get_assume_role_credentials_mfa_required_large_custom_duration(config: dict, arguments: argparse.Namespace, profiles: dict, target_profile: dict, role_duration: int):
if arguments.auto_refresh and role_duration > 3600:
raise exceptions.ValidationException('Cannot use autoawsume with custom role duration of more than 1 hour')
logger.debug('Skipping the get_session_token call, temp creds cannot be used for custom role duration')
region = profile_lib.get_region(profiles, arguments, config)
mfa_serial = profile_lib.get_mfa_serial(profiles, arguments.target_profile_name)
external_id = profile_lib.get_external_id(arguments, target_profile)
source_profile = profile_lib.get_source_profile(profiles, arguments.target_profile_name)
source_session = profile_lib.profile_to_credentials(source_profile)
role_session = aws_lib.assume_role(
source_session,
target_profile.get('role_arn'),
arguments.session_name or arguments.target_profile_name,
region=region,
external_id=external_id,
role_duration=role_duration,
mfa_serial=mfa_serial,
mfa_token=arguments.mfa_token,
)
return role_sessionif region:
cache_session['Region'] = region
user_session = cache_session
else:
logger.debug('Getting session token')
boto_session = boto3.session.Session(
aws_access_key_id=source_credentials.get('AccessKeyId'),
aws_secret_access_key=source_credentials.get('SecretAccessKey'),
aws_session_token=source_credentials.get('SessionToken'),
region_name=region,
)
user_sts_client = boto_session.client('sts') # type: botostubs.STS
try:
kwargs = {
'SerialNumber': mfa_serial if mfa_serial else None,
'TokenCode': None if not mfa_serial else (mfa_token or profile_lib.get_mfa_token()),
}
if duration_seconds:
kwargs['DurationSeconds'] = duration_seconds
user_session = user_sts_client.get_session_token(**kwargs).get('Credentials')
user_session['Expiration'] = user_session['Expiration'].astimezone(dateutil.tz.tzlocal())
user_session['Region'] = region or boto_session.region_name
except Exception as e:
raise UserAuthenticationError(str(e))
logger.debug('Session token received')
cache_lib.write_aws_cache(cache_file_name, user_session)
return user_sessiondef get_assume_role_credentials_mfa_required_large_custom_duration(config: dict, arguments: argparse.Namespace, profiles: dict, target_profile: dict, role_duration: int):
if arguments.auto_refresh and role_duration > 3600:
raise exceptions.ValidationException('Cannot use autoawsume with custom role duration of more than 1 hour')
logger.debug('Skipping the get_session_token call, temp creds cannot be used for custom role duration')
region = profile_lib.get_region(profiles, arguments, config)
mfa_serial = profile_lib.get_mfa_serial(profiles, arguments.target_profile_name)
external_id = profile_lib.get_external_id(arguments, target_profile)
source_profile = profile_lib.get_source_profile(profiles, arguments.target_profile_name)
source_session = profile_lib.profile_to_credentials(source_profile)
role_session = aws_lib.assume_role(
source_session,
target_profile.get('role_arn'),
arguments.session_name or arguments.target_profile_name,
region=region,
external_id=external_id,
role_duration=role_duration,
mfa_serial=mfa_serial,
mfa_token=arguments.mfa_token,
)
return role_sessionawsume
Awsume - A cli that makes using AWS IAM credentials easy
Package Health Score
65 / 100Popular awsume functions
- awsume.awsumepy
- awsume.awsumepy.app.Awsume
- awsume.awsumepy.default_plugins.assume_role_from_cli
- awsume.awsumepy.default_plugins.get_credentials
- awsume.awsumepy.default_plugins.post_add_arguments
- awsume.awsumepy.lib.aws.assume_role
- awsume.awsumepy.lib.aws_files.get_aws_files
- awsume.awsumepy.lib.constants
- awsume.awsumepy.lib.exceptions
- awsume.awsumepy.lib.exceptions.AwsumeException
- awsume.awsumepy.lib.exceptions.EarlyExit
- awsume.awsumepy.lib.exceptions.InvalidProfileError
- awsume.awsumepy.lib.logger.logger
- awsume.awsumepy.lib.logger.logger.debug
- awsume.awsumepy.lib.logger.logger.info
- awsume.awsumepy.lib.profile
- awsume.awsumepy.lib.profile.get_region
- awsume.awsumepy.lib.profile.profile_to_credentials
- awsume.awsumepy.lib.safe_print.safe_print
- awsume.awsumepy.safe_print