Chilkat2-Python
Chilkat2-Python
AWS Security Token Service (STS) AssumeRole
See more AWS Security Token Service Examples
Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.Chilkat Chilkat2-Python Downloads
import sys
import chilkat2
success = False
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
rest = chilkat2.Rest()
# Connect to the Amazon AWS REST server.
# such as https://sts.us-west-2.amazonaws.com/
bTls = True
port = 443
bAutoReconnect = True
success = rest.Connect("sts.us-west-2.amazonaws.com",port,bTls,bAutoReconnect)
# Provide AWS credentials for the REST call.
authAws = chilkat2.AuthAws()
authAws.AccessKey = "AWS_ACCESS_KEY"
authAws.SecretKey = "AWS_SECRET_KEY"
# the region should match our URL above..
# See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
authAws.Region = "us-west-2"
authAws.ServiceName = "sts"
rest.SetAuthAws(authAws)
# Sample Request
# https://sts.amazonaws.com/
# ?Version=2011-06-15
# &Action=AssumeRole
# &RoleSessionName=testAR
# &RoleArn=arn:aws:iam::123456789012:role/demo
# &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
# &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
# &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
# "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
# &DurationSeconds=3600
# &Tags.member.1.Key=Project
# &Tags.member.1.Value=Pegasus
# &Tags.member.2.Key=Team
# &Tags.member.2.Value=Engineering
# &Tags.member.3.Key=Cost-Center
# &Tags.member.3.Value=12345
# &TransitiveTagKeys.member.1=Project
# &TransitiveTagKeys.member.2=Cost-Center
# &ExternalId=123ABC
# &SourceIdentity=Alice
# &AUTHPARAMS
rest.AddQueryParam("Version","2011-06-15")
rest.AddQueryParam("Action","AssumeRole")
rest.AddQueryParam("DurationSeconds","3600")
rest.AddQueryParam("RoleSessionName","testAR")
rest.AddQueryParam("RoleArn","arn:aws:iam::123456789012:role/demo")
rest.AddQueryParam("PolicyArns.member.1.arn","arn:aws:iam::123456789012:policy/demopolicy1")
rest.AddQueryParam("PolicyArns.member.2.arn","arn:aws:iam::123456789012:policy/demopolicy2")
rest.AddQueryParam("Policy","{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}")
rest.AddQueryParam("Tags.member.1.Key","Project")
rest.AddQueryParam("Tags.member.1.Value","Pegasus")
rest.AddQueryParam("Tags.member.2.Key","Team")
rest.AddQueryParam("Tags.member.2.Value","Engineering")
rest.AddQueryParam("Tags.member.3.Key","Cost-Center")
rest.AddQueryParam("Tags.member.3.Value","12345")
rest.AddQueryParam("TransitiveTagKeys.member.1","Project")
rest.AddQueryParam("TransitiveTagKeys.member.2","Cost-Center")
rest.AddQueryParam("ExternalId","123ABC")
rest.AddQueryParam("SourceIdentity","Alice")
responseXml = rest.FullRequestNoBody("GET","/")
if (rest.LastMethodSuccess != True):
print(rest.LastErrorText)
sys.exit()
# A successful response will have a status code equal to 200.
if (rest.ResponseStatusCode != 200):
print("response status code = " + str(rest.ResponseStatusCode))
print("response status text = " + rest.ResponseStatusText)
print("response header: " + rest.ResponseHeader)
print("response body: " + responseXml)
sys.exit()
# Examine the successful XML response (shown below)
xml = chilkat2.Xml()
xml.LoadXml(responseXml)
print(xml.GetXml())
# Sample response:
# <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
# <AssumeRoleResult>
# <SourceIdentity>Alice</SourceIdentity>
# <AssumedRoleUser>
# <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
# <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
# </AssumedRoleUser>
# <Credentials>
# <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
# <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
# <SessionToken>
# AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
# LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
# QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
# 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
# +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
# </SessionToken>
# <Expiration>2019-11-09T13:34:41Z</Expiration>
# </Credentials>
# <PackedPolicySize>6</PackedPolicySize>
# </AssumeRoleResult>
# <ResponseMetadata>
# <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
# </ResponseMetadata>
# </AssumeRoleResponse>
# Sample parse code:
AssumeRoleResponse_xmlns = xml.GetAttrValue("xmlns")
SourceIdentity = xml.GetChildContent("AssumeRoleResult|SourceIdentity")
Arn = xml.GetChildContent("AssumeRoleResult|AssumedRoleUser|Arn")
AssumedRoleId = xml.GetChildContent("AssumeRoleResult|AssumedRoleUser|AssumedRoleId")
AccessKeyId = xml.GetChildContent("AssumeRoleResult|Credentials|AccessKeyId")
SecretAccessKey = xml.GetChildContent("AssumeRoleResult|Credentials|SecretAccessKey")
SessionToken = xml.GetChildContent("AssumeRoleResult|Credentials|SessionToken")
Expiration = xml.GetChildContent("AssumeRoleResult|Credentials|Expiration")
PackedPolicySize = xml.GetChildIntValue("AssumeRoleResult|PackedPolicySize")
RequestId = xml.GetChildContent("ResponseMetadata|RequestId")
# Save the session token XML to a file for use by another Chilkat example..
success = xml.SaveXml("qa_data/tokens/aws_session_token.xml")