Last active
May 2, 2022 15:00
Python Assume Role Example
import boto3 | |
# Account ID (12 digits, kept as a string) of the AWS account that owns the
# role to assume. Example value from the gist; replace before running.
awsaccntid = "123456789123"
# Name of the IAM role in that account; it is placed after ":role/" when the
# role ARN is built in fn_assume_role.
targetrole = "LISTCERTSSTSROLE"
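## GET CREDENTIALS
def fn_assume_role(awsaccntid, targetrole, *, session_name="AssumeRoleSession1",
                   external_id=None, duration_seconds=None):
    """Assume an IAM role through STS and return its temporary credentials.

    Args:
        awsaccntid: Account ID, as a string, of the account that owns the role.
        targetrole: Role name; it is appended after ``:role/`` in the ARN.
        session_name: Value sent as ``RoleSessionName``. The default keeps the
            original hard-coded name; pass a caller-specific name so the
            session can be attributed in the target account's audit trail.
        external_id: Optional ``ExternalId``, sent only when given. Needed
            when the role's trust policy requires one (cross-account access
            on behalf of a third party).
        duration_seconds: Optional ``DurationSeconds``, sent only when given.
            When omitted, the STS default session lifetime applies.

    Returns:
        The ``Credentials`` mapping of the STS response. It holds
        ``AccessKeyId``, ``SecretAccessKey`` and ``SessionToken``; treat it as
        secret material and keep it out of logs and persistent storage.
    """
    role_arn = "arn:aws:iam::" + awsaccntid + ":role/" + targetrole
    request = {"RoleArn": role_arn, "RoleSessionName": session_name}
    # Optional fields are added only when set, so a call that passes just the
    # two positional arguments sends exactly the original request.
    if external_id is not None:
        request["ExternalId"] = external_id
    if duration_seconds is not None:
        request["DurationSeconds"] = duration_seconds

    # No explicit credentials here: the STS client uses the caller's default
    # boto3 credential chain, and that identity must be allowed by the role's
    # trust policy.
    client = boto3.client('sts')
    response = client.assume_role(**request)
    return response['Credentials']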
## USING THE ASSUMED ROLE TO DO A BOTO3 THING ##
## In this case, get a list of certificates in the target aws account
def fn_do_boto3_thing(awsaccntid, targetrole):
    """List ACM certificates in the target account using the assumed role.

    Args:
        awsaccntid: Account ID passed through to fn_assume_role.
        targetrole: Role name passed through to fn_assume_role.

    Returns:
        The raw ``list_certificates`` response. This is a single call, so a
        caller that needs every certificate should check the response for a
        ``NextToken`` and continue from there.
    """
    sts_creds = fn_assume_role(awsaccntid, targetrole)
    # Map the temporary STS credentials onto the client's keyword arguments.
    # No region is passed, so the ACM client uses the default configured region.
    client_auth = {
        'aws_access_key_id': sts_creds['AccessKeyId'],
        'aws_secret_access_key': sts_creds['SecretAccessKey'],
        'aws_session_token': sts_creds['SessionToken'],
    }
    acm = boto3.client('acm', **client_auth)
    return acm.list_certificates()
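# fn_do_boto3_thing takes two required arguments; the original call passed
# only the account ID and failed with a TypeError before reaching AWS.
fn_do_boto3_thing(awsaccntid, targetrole)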