def get_session(config):
if config.profile_name not in _session_cache:
print('Creating new Boto3 Session for profile {0}'.format(config.profile_name))
_session_cache[config.profile_name] = boto3.Session(profile_name=config.profile_name)
session = _session_cache[config.profile_name]
if config.role_arn:
if config.role_arn not in _session_cache:
sts_client = session.client('sts')
role_session_name = '{0}.session-{1}'.format(__name__, time.time())
print('Assuming role {0}'.format(config.role_arn))
assumed_role = sts_client.assume_role(RoleArn=config.role_arn,
ExternalId=config.external_id,
RoleSessionName=role_session_name)
_session_cache[config.role_arn] = boto3.Session(aws_access_key_id=assumed_role['Credentials']['AccessKeyId'],
aws_secret_access_key=assumed_role['Credentials']['SecretAccessKey'],
aws_session_token=assumed_role['Credentials']['SessionToken'])
session = _session_cache[config.role_arn]
return session
评论列表
文章目录
