
@unloadedroe
Forked from ozgurakan/lambda_assume_role.py
Created May 21, 2019 20:39

Revisions

  1. @ozgurakan ozgurakan revised this gist May 22, 2017. 1 changed file with 1 addition and 0 deletions.
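--- a/lambda_assume_role.py
+++ b/lambda_assume_role.py
@@ -6,6 +6,7 @@
 # or you can pass role as an evironment varibale
 # ROLE_ARN = os.environ['role_arn']
 
+ROLE_ARN = = os.environ['role_arn']
 
 def aws_session(role_arn=None, session_name='my_session'):
 """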
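Review bot: The added module-level line `ROLE_ARN = = os.environ['role_arn']` has a doubled `=`, which is a syntax error, so the module cannot be loaded and the function fails before `lambda_handler` ever runs. Lines 1-5 of the file are outside this hunk, but going by the previous revision the only import is `import boto3`, so `os` would be unbound as well. I would add `import os` beside `import boto3` and write `ROLE_ARN = os.environ['role_arn']`. Indexing `os.environ` raises KeyError at load time when the variable is unset, which is the safer behaviour here: a silent fallback to `role_arn=None` would run the handler under the function's own identity instead of the intended role.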
  2. @ozgurakan ozgurakan revised this gist May 22, 2017. 1 changed file with 8 additions and 1 deletion.
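--- a/lambda_assume_role.py
+++ b/lambda_assume_role.py
@@ -1,5 +1,12 @@
 import boto3
 
+# you can assign role in the function like below
+# ROLE_ARN = 'arn:aws:iam::01234567890:role/my_role'
+#
+# or you can pass role as an evironment varibale
+# ROLE_ARN = os.environ['role_arn']
+
+
 def aws_session(role_arn=None, session_name='my_session'):
 """
 If role_arn is given assumes a role and returns boto3 session
@@ -17,7 +24,7 @@ def aws_session(role_arn=None, session_name='my_session'):
 return boto3.Session()
 
 def lambda_handler(event, context):
-session_assumed = aws_session(role_arn='arn:aws:iam::01234567890:role/my_role', session_name='my_lambda')
+session_assumed = aws_session(role_arn=ROLE_ARN, session_name='my_lambda')
 session_regular = aws_session()
 
 print(session_assumed.client('sts').get_caller_identity()['Account'])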
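Review bot: `ROLE_ARN` is read in `lambda_handler` (`aws_session(role_arn=ROLE_ARN, session_name='my_lambda')`), but both assignments added at the top of the file are commented out, so the handler raises NameError on its first invocation. One of the two has to be live code. The environment form `ROLE_ARN = os.environ['role_arn']` also needs `import os` next to `import boto3`, and it keeps the account id out of the source. The body of `lambda_handler` continues past the end of the second hunk.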
  3. @ozgurakan ozgurakan renamed this gist Apr 28, 2017. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  4. @ozgurakan ozgurakan revised this gist Apr 28, 2017. 1 changed file with 1 addition and 1 deletion.
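--- a/aws_session.py
+++ b/aws_session.py
@@ -2,7 +2,7 @@
 
 def aws_session(role_arn=None, session_name='my_session'):
 """
-If role_arn is given assumes a role and retuns boto3 session
+If role_arn is given assumes a role and returns boto3 session
 otherwise return a regular session with the current IAM user/role
 """
 if role_arn: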
  5. @ozgurakan ozgurakan created this gist Apr 28, 2017.
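--- a/aws_session.py
+++ b/aws_session.py
@@ -0,0 +1,24 @@
+import boto3
+
+def aws_session(role_arn=None, session_name='my_session'):
+"""
+If role_arn is given assumes a role and retuns boto3 session
+otherwise return a regular session with the current IAM user/role
+"""
+if role_arn:
+client = boto3.client('sts')
+response = client.assume_role(RoleArn=role_arn, RoleSessionName=session_name)
+session = boto3.Session(
+aws_access_key_id=response['Credentials']['AccessKeyId'],
+aws_secret_access_key=response['Credentials']['SecretAccessKey'],
+aws_session_token=response['Credentials']['SessionToken'])
+return session
+else:
+return boto3.Session()
+
+def lambda_handler(event, context):
+session_assumed = aws_session(role_arn='arn:aws:iam::01234567890:role/my_role', session_name='my_lambda')
+session_regular = aws_session()
+
+print(session_assumed.client('sts').get_caller_identity()['Account'])
+print(session_regular.client('sts').get_caller_identity()['Account'])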
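Review bot: `aws_session` copies the three values from `response['Credentials']` into a plain `boto3.Session`, so the returned session holds static temporary credentials that are not renewed once they expire (one hour by default, since `DurationSeconds` is not passed). That is fine for a session built on every invocation, as `lambda_handler` does, but the docstring should say so, for example `Credentials are temporary and are not refreshed; build a new session instead of caching one.` The default `session_name='my_session'` is what STS records as the RoleSessionName in CloudTrail and in the assumed-role ARN, so a generic value makes the activity hard to attribute. I would document that callers should pass a name identifying the workload, as the handler does with `'my_lambda'`.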