[英]Where can I find the documentation for writing custom AWS credential provider using boto3?
我希望创建一个 python 进程以在运行时刷新临时 AWS 凭证(有效期 30 分钟),以确保我的代码可以连续运行 30 分钟以上。
什么是 RefreshableCredentials 以及如何使用它?
完整的 AWS boto3 文档: https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
凭证文档: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html
RefreshableCredentials 是一个 botocore class 充当身份验证请求所需凭据的容器,它可以自动刷新凭据
这是一个很好的使用指南: https://dev.to/li_chastina/auto-refresh-aws-tokens-using-iam-role-and-boto3-2cjf
经过一番摸索,我终于得出结论,botocore 和 boto3 类没有文档记录。
我查看了源代码并实现了一个适用于我的用例的解决方案。 贴在这里供其他人参考。
class AWSCredsRefresh:
def run(self):
session = get_session()
cred_provider = session.get_component('credential_provider')
cred_provider.insert_before('env', CustomCredentialProvider())
boto3_session = Session(botocore_session=session)
#Perform AWS operations with boto3_session
class CustomCredentialProvider(CredentialProvider):
CANONICAL_NAME = "custom-creds"
def __init__(self):
def load(self):
#These creds will be automatically refreshed using the _refreh method if the current creds are going to expire in 15 mins or less
creds = DeferredRefreshableCredentials(refresh_using=self._refresh, method="sts-assume-role",)
return creds
def _refresh(self):
#Refresh your AWS creds using custom process
response = self._custom_aws_cred_refresh()
credentials = {
"access_key": response.get("AccessKeyId"),
"secret_key": response.get("SecretAccessKey"),
"token": response.get("SessionToken"),
"expiry_time": response.get("Expiration").isoformat(),
}
return credentials
def _custom_aws_cred_refresh(self):
#Your custom AWS cred refresh code
return response
if __name__ == '__main__':
obj = AWSCredsRefresh()
obj.run()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.