
Can we make an AWS connection to list and fetch objects having temp session using Python Boto3, using only the following and without passing RoleArn?

_AWS_ACCESS_KEY_ID,

_AWS_SECRET_ACCESS_KEY,

_AWS_SESSION_TOKEN,

MFA Code

I have only the temp session below. How should I pass this, as I do not have a RoleArn?

I also checked the post "boto3 sessions and aws_session_token management", but all are using RoleArn.

user190245
  • Yep - you'd pass them to the `boto3.client()` function. – AKX May 21 '21 at 20:21
  • What do you mean by "objects having temp session"? – John Rotenstein May 22 '21 at 00:49
  • Can this be done without passing RoleArn? – user190245 May 22 '21 at 06:05
  • @john by temp session I mean I have the above values (I added a pic), which have an expiration time set. – user190245 May 22 '21 at 06:53
  • Please clarify your question. Are you asking how to list the contents of an Amazon S3 bucket when you have some temporary AWS credentials? Did your answer (below) satisfy your need? – John Rotenstein May 23 '21 at 07:51
  • Hi John, initially I was having difficulty creating a successful AWS connection with a Python program. The code below helped in making it. It's not particularly for an S3 bucket. However, I had to fetch some Elastic IPs. In a question I posted earlier, you explained how I should approach it. There I was able to list the regions, but getting Elastic IPs still poses a problem, as I am battling with the boto and boto3 differences now. The link to my earlier post, where you helped me, is below. – user190245 May 23 '21 at 12:03
  • https://stackoverflow.com/questions/67626558/extract-a-list-of-elastic-ips-and-instance-names-using-aws-system-manager/67631168#67631168 – user190245 May 23 '21 at 12:04

1 Answer

Worked by running this code; it does not require RoleArn.

```python
# Legacy boto (version 2) API, written in Python 2 syntax.
import boto
from boto.s3.connection import S3Connection
from boto.sts import STSConnection

# Prompt for MFA time-based one-time password (TOTP)
mfa_TOTP = raw_input("Enter the MFA code: ")

# The calls to AWS STS GetSessionToken must be signed with the access key ID and secret
# access key of an IAM user. The credentials can be in environment variables or in
# a configuration file and will be discovered automatically
# by the STSConnection() function. For more information, see the Python SDK
# documentation: http://boto.readthedocs.org/en/latest/boto_config_tut.html

sts_connection = STSConnection()

# Use the appropriate device ID (serial number for hardware device or ARN for virtual device).
# Replace ACCOUNT-NUMBER-WITHOUT-HYPHENS and MFA-DEVICE-ID with appropriate values.

tempCredentials = sts_connection.get_session_token(
    duration=3600,
    mfa_serial_number="arn:aws:iam::ACCOUNT-NUMBER-WITHOUT-HYPHENS:mfa/MFA-DEVICE-ID",
    mfa_token=mfa_TOTP
)

# Use the temporary credentials to list the contents of an S3 bucket
s3_connection = S3Connection(
    aws_access_key_id=tempCredentials.access_key,
    aws_secret_access_key=tempCredentials.secret_key,
    security_token=tempCredentials.session_token
)

# Replace BUCKET-NAME with an appropriate value.
bucket = s3_connection.get_bucket(bucket_name="BUCKET-NAME")
objectlist = bucket.list()
for obj in objectlist:
    print obj.name
```

user190245
  • Now I got in trouble: how to run this in Boto3, as I will be using boto3 mostly in my coding? Any quick help with this? – user190245 May 22 '21 at 10:25
  • It's a Python program _uses_ boto3. You can install boto3 with `pip3 install boto3`, then run the above Python program. – John Rotenstein May 23 '21 at 07:50
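
The same flow in boto3, as an added example that is not part of the original question or answer: it covers both using the three temporary values directly and minting them with `GetSessionToken` plus an MFA code, neither of which needs a RoleArn. The function names are hypothetical, `BUCKET-NAME` is the placeholder from the answer, and credentials are read from the environment rather than written into the source.

```python
"""Temporary STS credentials with boto3, no RoleArn (added example)."""
import os
from datetime import datetime, timedelta, timezone


def session_kwargs(access_key, secret_key, session_token):
    """Map the three credential values onto boto3.Session keyword arguments."""
    if not access_key or not secret_key:
        raise ValueError("access key ID and secret access key are required")
    # Temporary STS access keys start with "ASIA"; AWS rejects them without the token.
    if access_key.startswith("ASIA") and not session_token:
        raise ValueError("temporary access key supplied without a session token")
    kwargs = {"aws_access_key_id": access_key, "aws_secret_access_key": secret_key}
    if session_token:
        kwargs["aws_session_token"] = session_token
    return kwargs


def still_valid(expiration, now=None, margin=timedelta(minutes=5)):
    """True if the credentials outlive `margin`; `expiration` is a tz-aware datetime."""
    now = now or datetime.now(timezone.utc)
    return expiration - now > margin


def mfa_session(mfa_serial, mfa_code, duration=3600):
    """Call GetSessionToken with the IAM user's long-term keys plus an MFA code."""
    import boto3  # imported here so the helpers above load without boto3
    creds = boto3.client("sts").get_session_token(
        DurationSeconds=duration, SerialNumber=mfa_serial, TokenCode=mfa_code
    )["Credentials"]
    kwargs = session_kwargs(
        creds["AccessKeyId"], creds["SecretAccessKey"], creds["SessionToken"])
    return boto3.Session(**kwargs), creds["Expiration"]


def list_keys(session, bucket):
    """Return every object key in `bucket`, following pagination."""
    pages = session.client("s3").get_paginator("list_objects_v2").paginate(Bucket=bucket)
    return [obj["Key"] for page in pages for obj in page.get("Contents", [])]


if __name__ == "__main__":
    import boto3
    # Case 1: the three values were handed to you; read them from the environment.
    env = os.environ
    session = boto3.Session(**session_kwargs(
        env["AWS_ACCESS_KEY_ID"], env["AWS_SECRET_ACCESS_KEY"], env.get("AWS_SESSION_TOKEN")))
    # Case 2 (own IAM user + MFA device): session, expires = mfa_session(serial, code)
    print(list_keys(session, "BUCKET-NAME"))  # placeholder bucket name from the answer
```

The session returned this way works for any service client (for example `session.client("ec2")`), and `still_valid` can be checked against the `Expiration` value before each batch of calls.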