Navigation

STS

boto.sts

boto.sts.connect_to_region(region_name, **kw_params)

Given a valid region name, return a boto.sts.connection.STSConnection.

Type :str
Parameters:region_name – The name of the region to connect to.
Return type:boto.sts.connection.STSConnection or None
Returns:A connection to the given region, or None if an invalid region name is given
boto.sts.regions()

Get all available regions for the STS service.

Return type:list
Returns:A list of boto.regioninfo.RegionInfo instances
class boto.sts.STSConnection(aws_access_key_id=None, aws_secret_access_key=None, is_secure=True, port=None, proxy=None, proxy_port=None, proxy_user=None, proxy_pass=None, debug=0, https_connection_factory=None, region=None, path='/', converter=None, validate_certs=True)
APIVersion = '2011-06-15'
DefaultRegionEndpoint = 'sts.amazonaws.com'
DefaultRegionName = 'us-east-1'
assume_role(role_arn, role_session_name, policy=None, duration_seconds=None, external_id=None)

Returns a set of temporary credentials that the caller can use to access resources that are allowed by the temporary credentials. The credentials are valid for the duration that the caller specified, which can be from 15 minutes (900 seconds) to 1 hour (3600 seconds)

Parameters:
  • role_arn (str) – The Amazon Resource Name (ARN) of the role that the caller is assuming.
  • role_session_name (str) – The session name of the temporary security credentials. The session name is part of the AssumedRoleUser.
  • policy (str) – A supplemental policy that can be associated with the temporary security credentials. The caller can limit the permissions that are available on the role’s temporary security credentials to maintain the least amount of privileges. When a service call is made with the temporary security credentials, both policies (the role policy and supplemental policy) are checked.
  • duration_seconds (int) – he duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds.
  • external_id (str) – A unique identifier that is used by third-party services to ensure that they are assuming a role that corresponds to the correct users. For third-party services that have access to resources across multiple AWS accounts, the unique client ID helps third-party services simplify access control verification.
Returns:

An instance of boto.sts.credentials.AssumedRole
get_federation_token(name, duration=None, policy=None)
Parameters:
  • name (str) – The name of the Federated user associated with the credentials.
  • duration (int) – The number of seconds the credentials should remain valid.
  • policy (str) – A JSON policy to associate with these credentials.
get_session_token(duration=None, force_new=False, mfa_serial_number=None, mfa_token=None)

Return a valid session token. Because retrieving new tokens from the Secure Token Service is a fairly heavyweight operation this module caches previously retrieved tokens and returns them when appropriate. Each token is cached with a key consisting of the region name of the STS endpoint concatenated with the requesting user’s access id. If there is a token in the cache meeting with this key, the session expiration is checked to make sure it is still valid and if so, the cached token is returned. Otherwise, a new session token is requested from STS and it is placed into the cache and returned.

Parameters:
  • duration (int) – The number of seconds the credentials should remain valid.
  • force_new (bool) – If this parameter is True, a new session token will be retrieved from the Secure Token Service regardless of whether there is a valid cached token or not.
  • mfa_serial_number (str) – The serial number of an MFA device. If this is provided and if the mfa_passcode provided is valid, the temporary session token will be authorized with to perform operations requiring the MFA device authentication.
  • mfa_token (str) – The 6 digit token associated with the MFA device.

boto.sts.credentials

class boto.sts.credentials.AssumedRole(connection=None, credentials=None, user=None)
Variables:
  • user – The assumed role user.
  • credentials – A Credentials object containing the credentials.
endElement(name, value, connection)
startElement(name, attrs, connection)
class boto.sts.credentials.Credentials(parent=None)
Variables:
  • access_key – The AccessKeyID.
  • secret_key – The SecretAccessKey.
  • session_token – The session token that must be passed with requests to use the temporary credentials
  • expiration – The timestamp for when the credentials will expire
endElement(name, value, connection)
classmethod from_json(json_doc)

Create and return a new Session Token based on the contents of a JSON document.

Parameters:json_doc (str) – A string containing a JSON document with a previously saved Credentials object.
is_expired(time_offset_seconds=0)

Checks to see if the Session Token is expired or not. By default it will check to see if the Session Token is expired as of the moment the method is called. However, you can supply an optional parameter which is the number of seconds of offset into the future for the check. For example, if you supply a value of 5, this method will return a True if the Session Token will be expired 5 seconds from this moment.

Parameters:time_offset_seconds (int) – The number of seconds into the future to test the Session Token for expiration.
classmethod load(file_path)

Create and return a new Session Token based on the contents of a previously saved JSON-format file.

Parameters:file_path (str) – The fully qualified path to the JSON-format file containing the previously saved Session Token information.
save(file_path)

Persist a Session Token to a file in JSON format.

Parameters:path (str) – The fully qualified path to the file where the the Session Token data should be written. Any previous data in the file will be overwritten. To help protect the credentials contained in the file, the permissions of the file will be set to readable/writable by owner only.
startElement(name, attrs, connection)
to_dict()

Return a Python dict containing the important information about this Session Token.

class boto.sts.credentials.FederationToken(parent=None)
Variables:
  • credentials – A Credentials object containing the credentials.
  • federated_user_arn – ARN specifying federated user using credentials.
  • federated_user_id – The ID of the federated user using credentials.
  • packed_policy_size – A percentage value indicating the size of the policy in packed form
endElement(name, value, connection)
startElement(name, attrs, connection)
class boto.sts.credentials.User(arn=None, assume_role_id=None)
Variables:
  • arn – The arn of the user assuming the role.
  • assume_role_id – The identifier of the assumed role.
endElement(name, value, connection)
startElement(name, attrs, connection)

Table Of Contents

Previous topic

SQS

Next topic

SWF

This Page

Navigation

© Copyright 2009,2010, Mitch Garnaat. Created using Sphinx 1.1.3+.



Brought to you by Read the Docs