c7n.credentials module

class c7n.credentials.SessionFactory(region, profile=None, assume_role=None, external_id=None)[source]

Bases: object

_set_policy_name(name)[source]
policy_name
set_subscribers(subscribers)[source]
update(session)[source]
c7n.credentials.assumed_session(role_arn, session_name, session=None, region=None, external_id=None)[source]

STS Role assume a boto3.Session

With automatic credential renewal.

Args:
role_arn: iam role arn to assume session_name: client session identifier session: an optional extant session, note session is captured in a function closure for renewing the sts assumed role.
Returns:a boto3 session using the sts assumed role credentials

Notes: We have to poke at botocore internals a few times