1import logging
2import boto3
3
# Module-wide logger: the root logger, echoed to the console (StreamHandler's
# default stream, stderr) at INFO and above so the sample script is visible
# when run directly.
logger = logging.getLogger()
_console_handler = logging.StreamHandler()
logger.addHandler(_console_handler)
logger.setLevel(logging.INFO)
7
8
def create_sts_client(aws_access_key_id=None,
                      aws_secret_access_key=None,
                      aws_session_token=None):
    """Build a boto3 STS client from explicitly supplied credentials.

    Every argument is optional and is handed to ``boto3.client`` unchanged;
    a ``None`` value means boto3 resolves that piece of the credential set
    itself (its usual provider chain) rather than this function supplying it.

    Args:
        aws_access_key_id: Long-lived or temporary access key id.
        aws_secret_access_key: Matching secret key.
        aws_session_token: Session token, required only when the key pair
            above is itself temporary (e.g. came from ``assume_role``).

    Returns:
        A botocore client for the ``sts`` service.
    """
    explicit_credentials = {
        'aws_access_key_id': aws_access_key_id,
        'aws_secret_access_key': aws_secret_access_key,
        'aws_session_token': aws_session_token,
    }
    return boto3.client('sts', **explicit_credentials)
18
19
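def get_crossaccount_credentials(access_key, secret_key, role_arn,
                                 role_session_name='test-auth'):
    """Assume ``role_arn`` with the given keys and return the STS response.

    The session name becomes part of the assumed-role session identity that
    AWS records (e.g. in CloudTrail), so callers that need to attribute
    activity to a job or operator should pass a descriptive
    ``role_session_name`` rather than relying on the default, which is kept
    for backward compatibility.

    Args:
        access_key: Access key id of the identity allowed to assume the role.
        secret_key: Secret key matching ``access_key``.
        role_arn: ARN of the role to assume.
        role_session_name: Identifier for this assumed-role session;
            defaults to ``'test-auth'``.

    Returns:
        The raw ``assume_role`` response. The temporary credentials live
        under ``response['Credentials']`` as ``AccessKeyId``,
        ``SecretAccessKey`` and ``SessionToken``.

    Raises:
        Whatever botocore raises when the call is rejected (invalid
        parameters, access denied, network errors); nothing is swallowed.
    """
    sts_client = create_sts_client(access_key, secret_key)
    return sts_client.assume_role(RoleArn=role_arn,
                                  RoleSessionName=role_session_name)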
23
24
def get_ec2_client(access_key,
                   secret_key,
                   role_arn=None,
                   region_name='us-east-1'):
    """Return an EC2 client, optionally in another account via an assumed role.

    With ``role_arn`` unset the supplied keys are used directly. When it is
    set, the keys are first used to assume that role and the temporary
    credentials from the STS response (AccessKeyId, SecretAccessKey,
    SessionToken) are what the EC2 client is built with.

    NOTE(review): the assumed-role credentials are temporary and are given to
    boto3 as static values, so this client is not refreshed once they
    expire; long-running callers should rebuild it.

    Args:
        access_key: Access key id of the calling identity.
        secret_key: Secret key matching ``access_key``.
        role_arn: Role to assume before creating the client, or ``None``.
        region_name: Region the EC2 client is bound to.

    Returns:
        A botocore client for the ``ec2`` service.
    """
    session_token = None
    if role_arn:
        response = get_crossaccount_credentials(access_key, secret_key,
                                                role_arn)
        temporary = response['Credentials']
        access_key = temporary['AccessKeyId']
        secret_key = temporary['SecretAccessKey']
        session_token = temporary['SessionToken']
        logger.info("Retrieved creds from cross account")
    ec2_kwargs = {
        'region_name': region_name,
        'aws_access_key_id': access_key,
        'aws_secret_access_key': secret_key,
        'aws_session_token': session_token,
    }
    return boto3.client('ec2', **ec2_kwargs)
43
44
if __name__ == '__main__':
    # Required values. These are placeholders: keep real keys out of source
    # control and load them from the environment or the default credential
    # provider chain instead, since anything committed here is readable by
    # everyone with access to the repository.
    primary_aws_access_key_id = '<primary_account_access_key>'
    primary_aws_secret_access_key = '<primary_account_secret_key>'
    cross_account_role_arn = '<cross_account_role_arn>'

    # Build an EC2 client in the target account by assuming the role.
    ec2_client = get_ec2_client(access_key=primary_aws_access_key_id,
                                secret_key=primary_aws_secret_access_key,
                                role_arn=cross_account_role_arn)
    logger.info(ec2_client.describe_instances())