March 9, 2021 at 12:00 am
Comments posted to this topic are about the item Reading a Specific File from an S3 bucket Using Python
March 9, 2021 at 8:45 am
Depending on where your Python app resides, you can get away with not using the access key/secret key. If you have an EC2 instance, then you can use client.assume_role to return those values.
import boto3
from boto3.session import Session


def assume_role(arn, session_name):
    """
    Args:
        arn(str): ARN of the role you wish to assume.
        session_name(str): Name of the STS session.
    Returns: session
    """
    # Ask STS for temporary credentials for the role.
    client = boto3.client('sts')
    response = client.assume_role(RoleArn=arn, RoleSessionName=session_name)
    # Build a session from the temporary credentials instead of static keys.
    session = Session(aws_access_key_id=response['Credentials']['AccessKeyId'],
                      aws_secret_access_key=response['Credentials']['SecretAccessKey'],
                      aws_session_token=response['Credentials']['SessionToken'])
    return session
You can then do something like the following:
my_session = assume_role(Role_ARN, "funkySession")
my_s3 = my_session.resource("s3")
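An added example, not part of the original posts: the same assume-role call, narrowed with an STS session policy so the temporary credentials can read only the one object being fetched. The function names, bucket and key are hypothetical; it assumes the standard `aws` partition and a role that already allows `s3:GetObject` on the object.

```python
import json


def single_object_policy(bucket, key):
    """Build a session policy that allows s3:GetObject on exactly one object.

    A session policy can only narrow the role's permissions: the effective
    permissions are the intersection of the role's policies and this one.
    """
    # '*' and '?' are wildcards in an IAM Resource, so refuse them here
    # rather than silently granting access to more than one object.
    if not bucket or not key or any(c in bucket + key for c in "*?"):
        raise ValueError("bucket and key must be literal, non-empty names")
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "s3:GetObject",
            # Assumption: standard 'aws' partition.
            "Resource": f"arn:aws:s3:::{bucket}/{key}",
        }],
    })


def read_one_object(role_arn, session_name, bucket, key):
    """Assume the role with a scoped-down, short-lived session and read one file."""
    import boto3  # imported here so the policy helper can be used without boto3

    sts = boto3.client("sts")
    response = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName=session_name,   # recorded in CloudTrail for this session
        DurationSeconds=900,            # shortest lifetime STS accepts
        Policy=single_object_policy(bucket, key),
    )
    creds = response["Credentials"]
    session = boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    return session.client("s3").get_object(Bucket=bucket, Key=key)["Body"].read()
```
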
March 9, 2021 at 3:22 pm
Yes, you are correct, David. The application can assume the role to gain access to the AWS instance.