Python 3.6+ 库,用于启用对AWS的Azure AD身份验证
项目描述
aws_azuread_login
Python 3.6+ 库,用于启用对AWS的ADFS身份验证
安装
pip install aws-azuread-login
用法
import aws_azuread_login
import botocore
import json
# authenticate against azuread application url
roles = aws_azuread_login.authenticate(os.environ['AWS_AZUREAD_ENTRY_URL']
# get creds one by one
for role in roles:
try:
print(f'Getting credentials for role {role.role_name} in account {role.account}...')
credentials = role.get_credentials()
client = credentials.get_client('ec2')
response = client.describe_instances()
print(json.dumps(response['Reservations'], indent=2, default=str))
except botocore.exceptions.ClientError as e:
print(f'\t 👎 Error getting credentials, skipping: {type(e)}, {str(e)}')
# get them all at once ('sts.AssumeRole' role errors are handled by aws_azuread_login)
multiple_credentials = aws_azuread_login.get_multiple_credentials(roles)
for credentials in multiple_credentials:
client = credentials.get_client('ec2')
response = client.describe_instances()
print(json.dumps(response['Reservations'], indent=2, default=str))
# get clients in different regions
for credentials in multiple_credentials:
client = credentials.get_client('ec2')
response = client.describe_regions()
for region in response['Regions']:
region_name = region['RegionName']
print(f'Creating client for region {region_name}...')
client = credentials.get_client('ec2', region_name=region_name)
response = client.describe_instances()
print(json.dumps(response['Reservations'], indent=2, default=str))
# control the session duration, e.g. 12 hours (default is 1 hour)
credentials = roles[0].get_credentials(duration_seconds=60*60*12)
multiple_credentials = aws_azuread_login.get_mutiple_credentials(roles, duration_seconds=60*60*12)
