# IAM Roles Anywhere Session
[](https://opensource.org/licenses/Apache-2.0)
[](https://badge.fury.io/py/iam-rolesanywhere-session)
[](https://github.com/psf/black)
This package provides an easy way to create a __refreshable__ boto3 Session with [AWS Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/Welcome.html).
This package implements the algorithm described here: <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-sign-process.html>.
## Requirements
- Python 3.8 or later
- Creation and configuration of a trust anchor. See [documentation](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/getting-started.html)
- Valid X.509 certificate, private key, and optionally a certificate chain file associated with your trust anchor
## Install
- From PyPi
```bash
pip install iam-rolesanywhere-session
```
- From source
```bash
git clone https://github.com/awslabs/iam-roles-anywhere-session.git
cd iam-roles-anywhere-session
python3 -m pip install ./
```
## Configuration
For this package to work you will need to have at your disposal your `certificate` and `private_key` file in a PEM format.
IAMRoleAnywhereSession will take multiple arguments:
| Name | Description | Type | Default value |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -------------------------------------------- |
| profile_arn | The Amazon Resource Name (ARN) of the profile. | string | None |
| role_arn | The Amazon Resource Name (ARN) of the role to assume. | string | None |
| trust_anchor_arn | The Amazon Resource Name (ARN) of the trust anchor. | string | None |
| certificate | The x509 certificate file, in PEM format. | path or bytes | None |
| private_key | The certificate private key file, in PEM Format. | path or bytes | None |
| private_key_passphrase | The passphrase use to decrypt private key file. | string | None |
| region | The name of the region where you configured IAM Roles Anywhere. | string | us-east-1 |
| session_duration | The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to 3600 seconds (1 hour). | int | 3600 |
| service_name | An identifier for the service, used to build the botosession. | string | rolesanywhere |
| endpoint | Roles Anywhere API endpoint to use | string | '{service_name}.{region_name}.amazonaws.com' |
| verify | Whether to validate SSL certificates, or the path to a trusted certificate authority | bool or str | None |
| proxies | Proxy endpoint(s) for use behind private networks with a proxy. | dict | `{}` |
| proxies_config | A dictionary of additional proxy configurations. | dict | `{}` |
```python
from iam_rolesanywhere_session import IAMRolesAnywhereSession
roles_anywhere_session = IAMRolesAnywhereSession(
profile_arn="arn:aws:rolesanywhere:eu-central-1:************:profile/a6294488-77cf-4d4a-8c5c-40b96690bbf0",
role_arn="arn:aws:iam::************:role/IAMRolesAnywhere-01",
trust_anchor_arn="arn:aws:rolesanywhere:eu-central-1::************::trust-anchor/4579702c-9abb-47c2-88b2-c734e0b29539",
certificate='certificate.pem',
private_key='privkey.pem',
region="eu-central-1"
).get_session()
s3 = roles_anywhere_session.client("s3")
print(s3.list_buckets())
```
# Documentation
You can find [here](https://awslabs.github.io/iam-roles-anywhere-session/) the complete documentation with additional usage and module reference.
## Contributing
Contributions are very welcome.
To learn more, see the [Contributor Guide](CONTRIBUTING.md).
## License
Distributed under the terms of the [Apache 2](LICENSE)
Raw data
{
"_id": null,
"home_page": null,
"name": "iam-rolesanywhere-session",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "iam, aws, rolesanywhere, boto3, botocore",
"author": null,
"author_email": "Thomas Buatois <tbuatois@amazon.fr>",
"download_url": "https://files.pythonhosted.org/packages/17/94/7751b1a504ab0ffc44e857839a9540a2cfb2a4eb3e4c5d55d3cfba0bf9ec/iam_rolesanywhere_session-2.2.0.tar.gz",
"platform": null,
"description": "# IAM Roles Anywhere Session\n\n[](https://opensource.org/licenses/Apache-2.0)\n[](https://badge.fury.io/py/iam-rolesanywhere-session)\n\n\n[](https://github.com/psf/black)\n\n\nThis package provides an easy way to create a __refreshable__ boto3 Session with [AWS Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/Welcome.html).\n\nThis package implements the algorithm described here: <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-sign-process.html>.\n\n## Requirements\n\n- Python 3.8 or later\n- Creation and configuration of a trust anchor. See [documentation](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/getting-started.html)\n- Valid X.509 certificate, private key, and optionally a certificate chain file associated with your trust anchor\n\n## Install\n\n- From PyPi\n\n```bash\npip install iam-rolesanywhere-session\n```\n\n- From source\n\n```bash\ngit clone https://github.com/awslabs/iam-roles-anywhere-session.git\ncd iam-roles-anywhere-session\npython3 -m pip install ./\n```\n\n## Configuration\n\nFor this package to work you will need to have at your disposal your `certificate` and `private_key` file in a PEM format.\n\nIAMRoleAnywhereSession will take multiple arguments:\n\n| Name | Description | Type | Default value |\n| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -------------------------------------------- |\n| profile_arn | The Amazon Resource Name (ARN) of the profile. | string | None |\n| role_arn | The Amazon Resource Name (ARN) of the role to assume. | string | None |\n| trust_anchor_arn | The Amazon Resource Name (ARN) of the trust anchor. | string | None |\n| certificate | The x509 certificate file, in PEM format. | path or bytes | None |\n| private_key | The certificate private key file, in PEM Format. | path or bytes | None |\n| private_key_passphrase | The passphrase use to decrypt private key file. | string | None |\n| region | The name of the region where you configured IAM Roles Anywhere. | string | us-east-1 |\n| session_duration | The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to 3600 seconds (1 hour). | int | 3600 |\n| service_name | An identifier for the service, used to build the botosession. | string | rolesanywhere |\n| endpoint | Roles Anywhere API endpoint to use | string | '{service_name}.{region_name}.amazonaws.com' |\n| verify | Whether to validate SSL certificates, or the path to a trusted certificate authority | bool or str | None |\n| proxies | Proxy endpoint(s) for use behind private networks with a proxy. | dict | `{}` |\n| proxies_config | A dictionary of additional proxy configurations. | dict | `{}` |\n\n```python\nfrom iam_rolesanywhere_session import IAMRolesAnywhereSession\nroles_anywhere_session = IAMRolesAnywhereSession(\n profile_arn=\"arn:aws:rolesanywhere:eu-central-1:************:profile/a6294488-77cf-4d4a-8c5c-40b96690bbf0\",\n role_arn=\"arn:aws:iam::************:role/IAMRolesAnywhere-01\",\n trust_anchor_arn=\"arn:aws:rolesanywhere:eu-central-1::************::trust-anchor/4579702c-9abb-47c2-88b2-c734e0b29539\",\n certificate='certificate.pem',\n private_key='privkey.pem',\n region=\"eu-central-1\"\n).get_session()\ns3 = roles_anywhere_session.client(\"s3\")\nprint(s3.list_buckets())\n```\n\n# Documentation\n\nYou can find [here](https://awslabs.github.io/iam-roles-anywhere-session/) the complete documentation with additional usage and module reference.\n\n## Contributing\n\nContributions are very welcome.\nTo learn more, see the [Contributor Guide](CONTRIBUTING.md).\n\n## License\n\nDistributed under the terms of the [Apache 2](LICENSE)\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Boto3 session creator for IAM Roles Anywhere",
"version": "2.2.0",
"project_urls": {
"changelog": "https://github.com/awslabs/iam-roles-anywhere-session./blob/main/CHANGELOG.md",
"documentation": "https://awslabs.github.io/iam-rolesanywhere-session/",
"repository": "https://github.com/awslabs/iam-roles-anywhere-session.git"
},
"split_keywords": [
"iam",
" aws",
" rolesanywhere",
" boto3",
" botocore"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "7591a97d74e32bc55ce889bd0001e9b14cb3155861659b3b953f0eb261db58d1",
"md5": "7a2ffec926855749adbe40e5e03ea6ad",
"sha256": "1267649aa9cb8c77da994ad76e661465f843b1d149acd1b354e2c06faa8d6182"
},
"downloads": -1,
"filename": "iam_rolesanywhere_session-2.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7a2ffec926855749adbe40e5e03ea6ad",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 12122,
"upload_time": "2024-07-02T10:20:08",
"upload_time_iso_8601": "2024-07-02T10:20:08.633731Z",
"url": "https://files.pythonhosted.org/packages/75/91/a97d74e32bc55ce889bd0001e9b14cb3155861659b3b953f0eb261db58d1/iam_rolesanywhere_session-2.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "17947751b1a504ab0ffc44e857839a9540a2cfb2a4eb3e4c5d55d3cfba0bf9ec",
"md5": "a7a387a3ad48a66b76018309204fad1c",
"sha256": "77217468ce51e8d44ae62f85b680041331cdfdb14e5de9f72384472ead49361a"
},
"downloads": -1,
"filename": "iam_rolesanywhere_session-2.2.0.tar.gz",
"has_sig": false,
"md5_digest": "a7a387a3ad48a66b76018309204fad1c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 20364,
"upload_time": "2024-07-02T10:20:10",
"upload_time_iso_8601": "2024-07-02T10:20:10.355341Z",
"url": "https://files.pythonhosted.org/packages/17/94/7751b1a504ab0ffc44e857839a9540a2cfb2a4eb3e4c5d55d3cfba0bf9ec/iam_rolesanywhere_session-2.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-07-02 10:20:10",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "awslabs",
"github_project": "iam-roles-anywhere-session.",
"github_not_found": true,
"lcname": "iam-rolesanywhere-session"
}
JSON
