IAM Roles Anywhere credentials helper.
Iamra (ahy-em-rah) is a helper library that simplifies obtaining temporary AWS IAM credentials through AWS Identity and Access Management Roles Anywhere. Once the cloud side is configured, you create an Iamra session, and whenever credentials are needed, a single call updates the AWS credentials, which can then be used directly with a boto3 session or client.
- Single object per session, allowing for different scoped credentials
- RSA and EC certificate / private key support
- Certificate chain support for X.509 certificates signed by an intermediate Certificate Authority
- Cached credentials within the expiration time to reduce unneeded calls to IAM Roles Anywhere, but can be force-refreshed as needed
- Python 3.9 or later support
- Creation of a trust anchor and profile in the cloud
- Valid X.509 certificate, private key, and optionally a certificate chain file
You can install Iamra via pip from PyPI:
$ pip install iamra
Basic usage with local private key and X.509 certificate:
>>> import iamra
>>> # Create a session object
>>> iamra_session = iamra.Credentials(
...     region="us-east-1",
...     certificate_filename="client.pem",
...     private_key_filename="client.key",
...     duration=3600,
...     profile_arn="arn:aws:rolesanywhere:us-west-2:1234567890:profile/3d203fc0-7bba-4ec1-a6ef-697504ce1c72",
...     role_arn="arn:aws:iam::1234567890:role/IamRoleWithPermissionsToUse",
...     session_name="my_client_test_session",
...     trust_anchor_arn="arn:aws:rolesanywhere:us-west-2:1234567890:trust-anchor/29efd0b1-1b66-4df4-8ae7-e935716efd8e",
... )
>>> # Invoke getting credentials from Roles Anywhere
>>> iamra_session.get_credentials()
>>> # Directly access credentials
>>> iamra_session.access_key_id
'ASIA5FLYQEXXXXXXZ27N'
>>> iamra_session.secret_access_key
'HhAViXXXXqIZrq/qENC4ahPqssXXXX9DEfx3mTv'
>>> iamra_session.session_token
'IQoJb3JpZ2luX2VjEMf//////////wEaCXVzLXdlc3QtMiJ...fARzrFrr0VEpiqFY42NWjFdFUhdLkPiuhsLoTYH+OnaGl92OxAho3j0='
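The caching behaviour listed in the features (reuse credentials until they expire, force-refresh on demand) can be sketched as follows. This is an added example, not Iamra's own code; `TempCredentials`, `CachedCredentialSource`, the five-minute skew and the fake fetcher are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional


@dataclass(frozen=True)
class TempCredentials:  # hypothetical container, not an Iamra type
    access_key_id: str
    secret_access_key: str = field(repr=False)  # keep secrets out of logs/tracebacks
    session_token: str = field(repr=False)
    expiration: datetime  # must be timezone-aware


class CachedCredentialSource:
    """Reuse fetched credentials until shortly before they expire."""

    def __init__(self, fetch: Callable[[], TempCredentials],
                 skew: timedelta = timedelta(minutes=5),
                 now: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self._fetch, self._skew, self._now = fetch, skew, now
        self._cached: Optional[TempCredentials] = None
        self.fetch_count = 0

    def get(self, force: bool = False) -> TempCredentials:
        # Refresh early (skew) so a long request never starts with a token about to lapse.
        stale = (self._cached is None
                 or self._now() >= self._cached.expiration - self._skew)
        if force or stale:
            creds = self._fetch()
            if creds.expiration.tzinfo is None:
                raise ValueError("expiration must be timezone-aware")
            self._cached = creds
            self.fetch_count += 1
        return self._cached


def demo():
    """Run the cache against a constructed clock and a fake fetcher."""
    clock = [datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)]  # constructed

    def fake_fetch() -> TempCredentials:
        # Stand-in for the real call to IAM Roles Anywhere; values are constructed.
        return TempCredentials("ASIAEXAMPLE", "secret-example", "token-example",
                               clock[0] + timedelta(hours=1))

    source = CachedCredentialSource(fake_fetch, now=lambda: clock[0])
    first, second = source.get(), source.get()   # second call served from cache
    clock[0] += timedelta(minutes=56)             # now inside the 5-minute skew window
    third = source.get()                          # refetched automatically
    source.get(force=True)                        # explicit refresh
    return source.fetch_count, first is second, third.expiration
```

Marking the secret fields `repr=False` keeps the secret key and session token out of accidental `print()` or log output.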
The documentation covers additional usage and the module reference.
Contributions are very welcome. To learn more, see the Contributor Guide.
Distributed under the terms of the MIT license, Iamra is free and open source software.
If you encounter any problems, please file an issue along with a detailed description.
This project was generated from @cjolowicz's Hypermodern Python Cookiecutter template.