# IAM Roles Anywhere Session
[](https://opensource.org/licenses/Apache-2.0)
[](https://badge.fury.io/py/iam-rolesanywhere-session)
[](https://github.com/psf/black)
This package provides an easy way to create a __refreshable__ boto3 Session with [AWS Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/Welcome.html).
This package implements the algorithm described here: <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-sign-process.html>.
## Requirements
- Python 3.8 or later
- Creation and configuration of a trust anchor. See [documentation](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/getting-started.html)
- Valid X.509 certificate, private key, and optionally a certificate chain file associated with your trust anchor
## Install
- From PyPi
```bash
pip install iam-rolesanywhere-session
```
- From source
```bash
git clone https://github.com/awslabs/iam-roles-anywhere-session.git
cd iam-roles-anywhere-session
python3 -m pip install ./
```
## Configuration
For this package to work you will need to have at your disposal your `certificate` and `private_key` file in a PEM format.
IAMRoleAnywhereSession will take multiple arguments:
| Name | Description | Type | Default value |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -------------------------------------------- |
| profile_arn | The Amazon Resource Name (ARN) of the profile. | string | None |
| role_arn | The Amazon Resource Name (ARN) of the role to assume. | string | None |
| trust_anchor_arn | The Amazon Resource Name (ARN) of the trust anchor. | string | None |
| certificate | The x509 certificate file, in PEM format. | path or bytes | None |
| private_key | The certificate private key file, in PEM Format. | path or bytes | None |
| passphrase | The passphrase use to decrypt private key file. | string | None |
| region | The name of the region where you configured IAM Roles Anywhere. | string | us-east-1 |
| session_duration | The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to 3600 seconds (1 hour). | int | 3600 |
| service_name | An identifier for the service, used to build the botosession. | string | rolesanywhere |
| endpoint | Roles Anywhere API endpoint to use | string | '{service_name}.{region_name}.amazonaws.com' |
| proxies | Proxy endpoint(s) for use behind private networks with a proxy. | dict | `{}` |
| proxies_config | A dictionary of additional proxy configurations. | dict | `{}` |
```python
from iam_rolesanywhere_session import IAMRolesAnywhereSession
roles_anywhere_session = IAMRolesAnywhereSession(
profile_arn="arn:aws:rolesanywhere:eu-central-1:************:profile/a6294488-77cf-4d4a-8c5c-40b96690bbf0",
role_arn="arn:aws:iam::************:role/IAMRolesAnywhere-01",
trust_anchor_arn="arn:aws:rolesanywhere:eu-central-1::************::trust-anchor/4579702c-9abb-47c2-88b2-c734e0b29539",
certificate='certificate.pem',
private_key='privkey.pem',
region="eu-central-1"
).get_session()
s3 = roles_anywhere_session.client("s3")
print(s3.list_buckets())
```
# Documentation
You can find [here](https://awslabs.github.io/iam-rolesanywhere-session/) the complete documentation with additional usage and module reference.
## Contributing
Contributions are very welcome.
To learn more, see the [Contributor Guide](CONTRIBUTING.md).
## License
Distributed under the terms of the [Apache 2](LICENSE)
Raw data
{
"_id": null,
"home_page": "",
"name": "iam-rolesanywhere-session",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "",
"keywords": "iam,aws,rolesanywhere,boto3,botocore",
"author": "",
"author_email": "Thomas Buatois <tbuatois@amazon.fr>",
"download_url": "https://files.pythonhosted.org/packages/94/87/2c00d4eeb77e0e2a8f0dcc064f63549addad5664539d998c55cea8b9aa14/iam_rolesanywhere_session-2.1.0.tar.gz",
"platform": null,
"description": "# IAM Roles Anywhere Session\n\n[](https://opensource.org/licenses/Apache-2.0)\n[](https://badge.fury.io/py/iam-rolesanywhere-session)\n\n\n[](https://github.com/psf/black)\n\n\nThis package provides an easy way to create a __refreshable__ boto3 Session with [AWS Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/Welcome.html).\n\nThis package implements the algorithm described here: <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-sign-process.html>.\n\n## Requirements\n\n- Python 3.8 or later\n- Creation and configuration of a trust anchor. See [documentation](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/getting-started.html)\n- Valid X.509 certificate, private key, and optionally a certificate chain file associated with your trust anchor\n\n## Install\n\n- From PyPi\n\n```bash\npip install iam-rolesanywhere-session\n```\n\n- From source\n\n```bash\ngit clone https://github.com/awslabs/iam-roles-anywhere-session.git\ncd iam-roles-anywhere-session\npython3 -m pip install ./\n```\n\n## Configuration\n\nFor this package to work you will need to have at your disposal your `certificate` and `private_key` file in a PEM format.\n\nIAMRoleAnywhereSession will take multiple arguments:\n\n| Name | Description | Type | Default value |\n| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -------------------------------------------- |\n| profile_arn | The Amazon Resource Name (ARN) of the profile. | string | None |\n| role_arn | The Amazon Resource Name (ARN) of the role to assume. | string | None |\n| trust_anchor_arn | The Amazon Resource Name (ARN) of the trust anchor. | string | None |\n| certificate | The x509 certificate file, in PEM format. | path or bytes | None |\n| private_key | The certificate private key file, in PEM Format. | path or bytes | None |\n| passphrase | The passphrase use to decrypt private key file. | string | None |\n| region | The name of the region where you configured IAM Roles Anywhere. | string | us-east-1 |\n| session_duration | The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to 3600 seconds (1 hour). | int | 3600 |\n| service_name | An identifier for the service, used to build the botosession. | string | rolesanywhere |\n| endpoint | Roles Anywhere API endpoint to use | string | '{service_name}.{region_name}.amazonaws.com' |\n| proxies | Proxy endpoint(s) for use behind private networks with a proxy. | dict | `{}` |\n| proxies_config | A dictionary of additional proxy configurations. | dict | `{}` |\n\n```python\nfrom iam_rolesanywhere_session import IAMRolesAnywhereSession\nroles_anywhere_session = IAMRolesAnywhereSession(\n profile_arn=\"arn:aws:rolesanywhere:eu-central-1:************:profile/a6294488-77cf-4d4a-8c5c-40b96690bbf0\",\n role_arn=\"arn:aws:iam::************:role/IAMRolesAnywhere-01\",\n trust_anchor_arn=\"arn:aws:rolesanywhere:eu-central-1::************::trust-anchor/4579702c-9abb-47c2-88b2-c734e0b29539\",\n certificate='certificate.pem',\n private_key='privkey.pem',\n region=\"eu-central-1\"\n).get_session()\ns3 = roles_anywhere_session.client(\"s3\")\nprint(s3.list_buckets())\n```\n\n# Documentation\n\nYou can find [here](https://awslabs.github.io/iam-rolesanywhere-session/) the complete documentation with additional usage and module reference.\n\n## Contributing\n\nContributions are very welcome.\nTo learn more, see the [Contributor Guide](CONTRIBUTING.md).\n\n## License\n\nDistributed under the terms of the [Apache 2](LICENSE)\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Boto3 session creator for IAM Roles Anywhere",
"version": "2.1.0",
"split_keywords": [
"iam",
"aws",
"rolesanywhere",
"boto3",
"botocore"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "3691bf354bf23166df02626157b2c9adeedd883bf7c7b654e5d5f5af8852f340",
"md5": "b9a743f57f3ec57923fc44842b156b6e",
"sha256": "57974182fd3c6705c93db115b179b4408c3053c15da450871e5bffd6418cf437"
},
"downloads": -1,
"filename": "iam_rolesanywhere_session-2.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b9a743f57f3ec57923fc44842b156b6e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 12026,
"upload_time": "2023-03-29T11:31:03",
"upload_time_iso_8601": "2023-03-29T11:31:03.823037Z",
"url": "https://files.pythonhosted.org/packages/36/91/bf354bf23166df02626157b2c9adeedd883bf7c7b654e5d5f5af8852f340/iam_rolesanywhere_session-2.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "94872c00d4eeb77e0e2a8f0dcc064f63549addad5664539d998c55cea8b9aa14",
"md5": "09a9bdce827fed0734186c64a976b62d",
"sha256": "cee8523d2ac604f8bd046e4e4a4e5c0fb083e49d5854b436b256dbffbd643022"
},
"downloads": -1,
"filename": "iam_rolesanywhere_session-2.1.0.tar.gz",
"has_sig": false,
"md5_digest": "09a9bdce827fed0734186c64a976b62d",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 19968,
"upload_time": "2023-03-29T11:31:04",
"upload_time_iso_8601": "2023-03-29T11:31:04.954250Z",
"url": "https://files.pythonhosted.org/packages/94/87/2c00d4eeb77e0e2a8f0dcc064f63549addad5664539d998c55cea8b9aa14/iam_rolesanywhere_session-2.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-03-29 11:31:04",
"github": false,
"gitlab": false,
"bitbucket": false,
"lcname": "iam-rolesanywhere-session"
}
JSON