Warm tip: This article is reproduced from serverfault.com, please click
amazon-s3 boto3 great-expectations

Passing AWS role to the application that uses default boto3 configs

发布于 2020-11-24 00:56:04

I have an aws setup that requires me to assume role and get corresponding credentials in order to write to s3. For example, to write with aws cli, I need to use --profile readwrite flag. If I write code myself with boot, I'd assume role via sts, get credentials, and create new session.

However, there is a bunch of applications and packages relying on boto3's configuration, e.g. internal code runs like this:

s3 = boto3.resource('s3')
result_s3 = s3.Object(bucket, s3_object_key)
result_s3.put(
                Body=value.encode(content_encoding),
                ContentEncoding=content_encoding,
                ContentType=content_type,
        )

From documentation, boto3 can be set to use default profile using (among others) AWS_PROFILE env variable, and it clearly "works" in terms that boto3.Session().profile_name does match the variable - but the applications still won't write to s3.

What would be the cleanest/correct way to set them properly? I tried to pull credentials from sts, and write them as AWS_SECRET_TOKEN etc, but that didn't work for me...

Questioner
Philipp_Kats
Viewed
0
分享
Philipp_Kats 2020-12-02 06:32:40

I think the correct answer to my question is one shared by Nathan Williams in the comment.

In my specific case, given that I had to initiate code from python, and was a bit worried about setting AWS settings that might spill into other operations, I used the fact that boto3 has DEFAULT_SESSION singleton, used each time, and just overwrote this with a session that assumed the proper role:

hook = S3Hook(aws_conn_id=aws_conn_id)  
boto3.DEFAULT_SESSION = hook.get_session()

(here, S3Hook is airflow's s3 handling object). After that (in the same runtime) everything worked perfectly

热门帖子

1
Casvisor:带 Web UI 的开源堡垒机,支持 RDP、VNC、SSH 远程桌面、主机和数据库管理、批量执行命令、单点登录
2
今天碰到的一个看似简单的算法问题卡的我头疼:余额和构成余额的交易的问题,问 GPT 也没结果
3
为什么 Apple TV 平台下为什么免费好用的视频播放器都没有?
4
你们是否意识到人生没有什么保障?
5
中国的男女关系会朝向哪个方向发展呢?日韩法?
6
同学要注册公司,问我借房产证照片?
7
OPNSense clash 透明代理导致部分国内软件无法使用
8
程序员兼职引起的纠纷?
9
IPV6 太香了
10
最近同事的一句话让我一直耿耿于怀,大伙帮忙分析下

热门github

1
A multi-platform library for OpenGL, OpenGL ES, Vulkan, window and input
2
Dev tool that writes scalable apps from scratch while the developer oversees the implementation
3
shadcn/ui, but for Svelte. ✨
4
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.
5
Performance-portable, length-agnostic SIMD with runtime dispatch
6
ZK Credo
7
OpenCodeInterpreter: Integrating Code Generation with Execution and Refinement
8
Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
9
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.
10
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
11
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
12
🎓 Path to a free self-taught education in Computer Science!
13
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
14
A collective list of free APIs
15
📚 Freely available programming books