sh1n0b1 · June 2, 2017 15:02
diff --git a/AssumeRole.py b/AssumeRole.py
 import urllib, json
 import requests # 'pip install requests'
 from boto.sts import STSConnection # AWS SDK for Python (Boto) 'pip install boto'

 # Step 1: Authenticate user in your own identity system.

 # Step 2: Using the access keys for an IAM user in your AWS account,
 # call "AssumeRole" to get temporary access keys for the federated user

 # Note: Calls to AWS STS AssumeRole must be signed using the access key ID 
 # and secret access key of an IAM user or using existing temporary credentials.
 # The credentials can be in EC2 instance metadata, in environment variables, 
 # or in a configuration file, and will be discovered automatically by the 
 # STSConnection() function. For more information, see the Python SDK docs:
 # http://boto.readthedocs.org/en/latest/boto_config_tut.html
 sts_connection = STSConnection()

 assumed_role_object = sts_connection.assume_role(
    role_arn="arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/ROLE-NAME",
    role_session_name="AssumeRoleSession"
 )

 # Step 3: Format resulting temporary credentials into JSON
 json_string_with_temp_credentials = '{'
 json_string_with_temp_credentials += '"sessionId":"' + assumed_role_object.credentials.access_key + '",'
 json_string_with_temp_credentials += '"sessionKey":"' + assumed_role_object.credentials.secret_key + '",'
 json_string_with_temp_credentials += '"sessionToken":"' + assumed_role_object.credentials.session_token + '"'
 json_string_with_temp_credentials += '}'

 # Step 4. Make request to AWS federation endpoint to get sign-in token. Construct the parameter string with
 # the sign-in action request, a 12-hour session duration, and the JSON document with temporary credentials 
 # as parameters.
 request_parameters = "?Action=getSigninToken"
 request_parameters += "&SessionDuration=43200"
 request_parameters += "&Session=" + urllib.quote_plus(json_string_with_temp_credentials)
 request_url = "https://signin.aws.amazon.com/federation" + request_parameters
 r = requests.get(request_url)
 # Returns a JSON document with a single element named SigninToken.
 signin_token = json.loads(r.text)

 # Step 5: Create URL where users can use the sign-in token to sign in to 
 # the console. This URL must be used within 15 minutes after the
 # sign-in token was issued.
 request_parameters = "?Action=login" 
 request_parameters += "&Issuer=Example.org" 
 request_parameters += "&Destination=" + urllib.quote_plus("https://console.aws.amazon.com/")
 request_parameters += "&SigninToken=" + signin_token["SigninToken"]
 request_url = "https://signin.aws.amazon.com/federation" + request_parameters

 # Send final URL to stdout
 print request_url
	import urllib, json
	import requests # 'pip install requests'
	from boto.sts import STSConnection # AWS SDK for Python (Boto) 'pip install boto'

	# Step 1: Authenticate user in your own identity system.

	# Step 2: Using the access keys for an IAM user in your AWS account,
	# call "AssumeRole" to get temporary access keys for the federated user

	# Note: Calls to AWS STS AssumeRole must be signed using the access key ID
	# and secret access key of an IAM user or using existing temporary credentials.
	# The credentials can be in EC2 instance metadata, in environment variables,
	# or in a configuration file, and will be discovered automatically by the
	# STSConnection() function. For more information, see the Python SDK docs:
	# http://boto.readthedocs.org/en/latest/boto_config_tut.html
	sts_connection = STSConnection()

	assumed_role_object = sts_connection.assume_role(
	role_arn="arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/ROLE-NAME",
	role_session_name="AssumeRoleSession"
	)

	# Step 3: Format resulting temporary credentials into JSON
	json_string_with_temp_credentials = '{'
	json_string_with_temp_credentials += '"sessionId":"' + assumed_role_object.credentials.access_key + '",'
	json_string_with_temp_credentials += '"sessionKey":"' + assumed_role_object.credentials.secret_key + '",'
	json_string_with_temp_credentials += '"sessionToken":"' + assumed_role_object.credentials.session_token + '"'
	json_string_with_temp_credentials += '}'

	# Step 4. Make request to AWS federation endpoint to get sign-in token. Construct the parameter string with
	# the sign-in action request, a 12-hour session duration, and the JSON document with temporary credentials
	# as parameters.
	request_parameters = "?Action=getSigninToken"
	request_parameters += "&SessionDuration=43200"
	request_parameters += "&Session=" + urllib.quote_plus(json_string_with_temp_credentials)
	request_url = "https://signin.aws.amazon.com/federation" + request_parameters
	r = requests.get(request_url)
	# Returns a JSON document with a single element named SigninToken.
	signin_token = json.loads(r.text)

	# Step 5: Create URL where users can use the sign-in token to sign in to
	# the console. This URL must be used within 15 minutes after the
	# sign-in token was issued.
	request_parameters = "?Action=login"
	request_parameters += "&Issuer=Example.org"
	request_parameters += "&Destination=" + urllib.quote_plus("https://console.aws.amazon.com/")
	request_parameters += "&SigninToken=" + signin_token["SigninToken"]
	request_url = "https://signin.aws.amazon.com/federation" + request_parameters

	# Send final URL to stdout
	print request_url