boto-session-manager-project's Introduction

Welcome to boto_session_manager Documentation

About boto_session_manager

boto_session_manager is a lightweight, zero-dependency Python library that simplifies managing your AWS boto3 session in your application code. It brings auto complete and type hints to the default boto3 SDK, and provides a smooth development experience with the following goodies:

  • boto3 Client auto complete
  • Cached boto3 Client
  • Assume IAM role in application code
  • Set temporary credentials for the AWS CLI

Additionally, if you use boto3-stubs and have run pip install "boto3-stubs[all]", then boto_session_manager comes with auto complete and type hints for all boto3 methods out of the box, without any extra configuration (such as explicit type annotations).

Feature

Boto Client Auto Complete

Provides an Enum class for looking up the AWS service name when creating a boto client.

from boto_session_manager import BotoSesManager, AwsServiceEnum

bsm = BotoSesManager()
s3_client = bsm.s3_client

In the IDE this gives you (screenshots omitted): one click to jump to the documentation, client method auto complete, and arguments type hint.

Note: you have to do pip install "boto3-stubs[all]" to enable "Client method auto complete" and "Arguments type hint" features.

Cached Client

Once a boto session is defined, each AWS service client should be created only once in most cases. boto_session_manager.BotoSesManager.get_client(service_name) fetches the client object from the cache if possible.

from boto_session_manager import BotoSesManager, AwsServiceEnum

bsm = BotoSesManager()
s3_client1 = bsm.get_client(AwsServiceEnum.S3)
s3_client2 = bsm.get_client(AwsServiceEnum.S3)
assert id(s3_client1) == id(s3_client2)  # same cached object

Or you can just do:

bsm.s3_client.list_buckets() # it caches the client when needed

Assume Role

Create another boto session manager based on an assumed IAM role. You can check whether it has expired and renew it later if needed.

bsm_assumed = bsm.assume_role("arn:aws:iam::111122223333:role/your-assume-role-name")
sts_client = bsm_assumed.get_client(AwsServiceEnum.sts)
print(sts_client.get_caller_identity())

print(bsm_assumed.is_expired())

Since 1.5.1, auto-refreshable assumed roles are supported (Beta). Note that this uses AssumeRoleCredentialFetcher and DeferredRefreshableCredentials from botocore, which are not part of the public API officially supported by botocore. This API may be unstable.

import time

bsm_assumed = bsm.assume_role(
    "arn:aws:iam::111122223333:role/your-assume-role-name",
    duration_seconds=900,
    auto_refresh=True,
)

# even though the duration is only 15 minutes,
# the session can keep running for 1 hour.
tick = 60
sleep = 60
for i in range(tick):
    time.sleep(sleep)
    print("elapsed {} seconds".format((i + 1) * sleep))
    # use the assumed-role session manager created above
    print("Account id = {}".format(bsm_assumed.sts_client.get_caller_identity()["Account"]))
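The difference between a plain assumed-role session and an auto-refreshing one can be replayed offline on a fake clock. This is an added example, not the library's or botocore's code: `SessionCreds`, `simulate`, the fake `sts:AssumeRole` call and the 300-second refresh window are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TempCreds:
    access_key: str
    expiry: float  # seconds on the simulated clock

class SessionCreds:
    """Holds assumed-role credentials; optionally re-fetches before expiry."""

    def __init__(self, fetch, clock, auto_refresh, refresh_window=300):
        self._fetch, self._clock = fetch, clock
        self._auto_refresh, self._window = auto_refresh, refresh_window
        self._creds = None
        self.fetch_count = 0

    def is_expired(self):
        return self._creds is None or self._creds.expiry <= self._clock()

    def get(self):
        now = self._clock()
        due = self._creds is None or (
            self._auto_refresh and self._creds.expiry - now <= self._window)
        if due:  # deferred: the first fetch happens on first use
            self._creds = self._fetch(now)
            self.fetch_count += 1
        return self._creds

def simulate(auto_refresh, duration_seconds=900, tick=60, sleep=60):
    """Replay the loop above on a fake clock; no AWS calls are made."""
    now = [0.0]

    def fake_assume_role(t):  # stands in for sts:AssumeRole (constructed values)
        return TempCreds("constructed-key-%d" % int(t), t + duration_seconds)

    creds = SessionCreds(fake_assume_role, lambda: now[0], auto_refresh)
    expired_calls = 0
    for _ in range(tick):
        now[0] += sleep
        creds.get()
        if creds.is_expired():
            expired_calls += 1  # a real API call here would be rejected
    return creds.fetch_count, expired_calls
```

`simulate(True)` and `simulate(False)` each return `(fetch_count, expired_calls)`, so the two modes can be compared directly over the same simulated hour.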

AWS CLI context manager

Suppose you explicitly defined a boto session manager that is not the same as the default one used by your AWS CLI. The boto_session_manager.BotoSesManager.awscli() context manager temporarily sets your default AWS CLI credentials to those of the session manager you defined, and automatically reverts them afterwards.

# explicitly define a boto session manager
bsm = BotoSesManager(
    profile_name="my_aws_profile",
)

with bsm.awscli():
    # now the default AWS CLI credential is the same as the ``bsm`` you defined
    pass

Here's a more detailed example:

import os
from boto_session_manager import BotoSesManager

def print_default_aws_cli_credential():
    print("AWS_ACCESS_KEY_ID =", os.environ.get("AWS_ACCESS_KEY_ID"))
    print("AWS_SECRET_ACCESS_KEY =", os.environ.get("AWS_SECRET_ACCESS_KEY"))
    print("AWS_SESSION_TOKEN =", os.environ.get("AWS_SESSION_TOKEN"))
    print("AWS_REGION =", os.environ.get("AWS_REGION"))

print("--- before ---")
print_default_aws_cli_credential()

bsm = BotoSesManager(profile_name="aws_data_lab_open_source_us_east_1")
with bsm.awscli():
    print("--- within awscli() context manager ---")
    print_default_aws_cli_credential()

print("--- after ---")
print_default_aws_cli_credential()

# --- before ---
# AWS_ACCESS_KEY_ID = None
# AWS_SECRET_ACCESS_KEY = None
# AWS_SESSION_TOKEN = None
# AWS_REGION = None
# --- within awscli() context manager ---
# AWS_ACCESS_KEY_ID = ABCDEFG...
# AWS_SECRET_ACCESS_KEY = ABCDEFG...
# AWS_SESSION_TOKEN = ABCDEFG...
# AWS_REGION = us-east-1
# --- after ---
# AWS_ACCESS_KEY_ID = None
# AWS_SECRET_ACCESS_KEY = None
# AWS_SESSION_TOKEN = None
# AWS_REGION = None
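The set-then-revert behaviour shown in that output can be sketched without AWS access. This is an added example, not the library's implementation of awscli(): `temp_aws_env` and `masked` are hypothetical names and all credential values are constructed. It covers two cases the output above does not: an exception inside the block, and an outer environment that already holds a session token.

```python
import os
from contextlib import contextmanager

AWS_ENV_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
                "AWS_SESSION_TOKEN", "AWS_REGION")
SECRET_KEYS = ("AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN")

@contextmanager
def temp_aws_env(creds, environ=os.environ):
    """Export creds as AWS_* variables, then restore the previous state."""
    saved = {k: environ.get(k) for k in AWS_ENV_KEYS}
    try:
        for k in AWS_ENV_KEYS:
            if creds.get(k) is None:
                # Unset rather than inherit: a leftover AWS_SESSION_TOKEN
                # paired with a different access key is an invalid mix.
                environ.pop(k, None)
            else:
                environ[k] = creds[k]
        yield environ
    finally:
        # Runs on normal exit and on exceptions, so the temporary
        # credentials do not stay in the environment after the block.
        for k, old in saved.items():
            if old is None:
                environ.pop(k, None)
            else:
                environ[k] = old

def masked(environ):
    """Snapshot for logging: report that a secret is set, not its value."""
    out = {}
    for k in AWS_ENV_KEYS:
        v = environ.get(k)
        out[k] = "<set>" if (v is not None and k in SECRET_KEYS) else v
    return out

def demo():
    # Constructed values; the outer environment already holds a session token.
    env = {"AWS_ACCESS_KEY_ID": "OLD-KEY-ID-EXAMPLE", "AWS_SESSION_TOKEN": "old-token"}
    new = {"AWS_ACCESS_KEY_ID": "NEW-KEY-ID-EXAMPLE",
           "AWS_SECRET_ACCESS_KEY": "constructed-secret", "AWS_REGION": "us-east-1"}
    before = dict(env)
    try:
        with temp_aws_env(new, env):
            inside = masked(env)
            raise RuntimeError("simulated failure inside the block")
    except RuntimeError:
        pass
    return before, inside, env
```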

Install

boto_session_manager is released on PyPI, so all you need is:

$ pip install boto_session_manager

To upgrade to the latest version:

$ pip install --upgrade boto_session_manager

boto-session-manager-project's People

Contributors

amazon-auto, machu-gwu

boto-session-manager-project's Issues

Refreshable assume role session

It's relatively easy to get a refreshable assume role session. It'd look like this:

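import botocore.session
from botocore.credentials import AssumeRoleCredentialFetcher, DeferredRefreshableCredentials
from botocore.exceptions import NoCredentialsError

def assume_role(self, role_arn, **kwargs):
    # code to set `extra_args` dict of AssumeRole parameters goes here
    extra_args = {}  # empty placeholder; the parameter handling is elided in this sketch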

    botocore_session = self.boto_ses._session

    credentials = botocore_session.get_credentials()
    if not credentials:
        # Error out now rather than wait for the new session to get used
        raise NoCredentialsError

    credential_fetcher = AssumeRoleCredentialFetcher(
        botocore_session.create_client,
        credentials,
        role_arn,
        extra_args=extra_args
    )

    assumed_role_credentials = DeferredRefreshableCredentials(
        credential_fetcher.fetch_credentials,
        "assume-role"
    )

    assumed_role_botocore_session = botocore.session.get_session()
    assumed_role_botocore_session._credentials = assumed_role_credentials

    # note that if this session's region changes, it will not cascade
    region_name = self.boto_ses.region_name

    return BotoSesManager(
        botocore_session=assumed_role_botocore_session,
        region_name=region_name
    )

Not a sample

Hey @MacHu-GWU - this isn't a sample, it should be in awslabs. You should also discuss this with your upstream (Boto) so you're on the same page as they are regarding the features here.
