azavea / cac-tripplanner

Clean Air Council Circuit Trip Planner and Travelshed

Home Page: https://gophillygo.org/

Remove AWS STS specific code related to deployment

hectcastro opened this issue

Within the tooling used for deployment, remove all AWS STS and MFA specific code. Depend on the SDK and CLI configuration to determine how authentication with AWS should occur:

```python
import boto  # boto 2 SDK, which provides connect_iam / connect_sts

# AuthException is not shown in this excerpt.


def get_creds(aws_access_key_id, aws_secret_access_key, aws_role_arn):
    """Helper method that returns a new AWS config with temp credentials

    Args:
        aws_access_key_id (str): AWS access key id (public)
        aws_secret_access_key (str): AWS secret key (private)
        aws_role_arn (str): ARN of the role to assume
    """
    aws_config = {'aws_access_key_id': aws_access_key_id,
                  "aws_secret_access_key": aws_secret_access_key}
    iam_conn = boto.connect_iam(**aws_config)
    sts_conn = boto.connect_sts(**aws_config)
    username = input('Please provide AWS username: ')
    # Look up the MFA devices registered for the user
    mfa_devices = (iam_conn.get_all_mfa_devices(username)
                   ['list_mfa_devices_response']
                   ['list_mfa_devices_result']
                   ['mfa_devices'])
    if len(mfa_devices) > 1:
        raise AuthException('Unable to handle a user with multiple MFA devices')
    if len(mfa_devices) == 0:
        raise AuthException('Must have MFA device to get temporary credentials')
    mfa_serial_number = mfa_devices[0]['serial_number']
    mfa_token = input('Please enter your 6 digit MFA token: ')
    # Exchange the long-lived keys plus the MFA token for temporary role credentials
    assumed_role = sts_conn.assume_role(
        role_arn=aws_role_arn,
        role_session_name='AssumeRoleSessionWithMFA',
        mfa_serial_number=mfa_serial_number,
        mfa_token=mfa_token
    )
    return dict(aws_access_key_id=assumed_role.credentials.access_key,
                aws_secret_access_key=assumed_role.credentials.secret_key,
                aws_security_token=assumed_role.credentials.session_token)
```
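
A check for leftovers once the helper is removed, as an added example that is not part of the issue or the project's code: it walks a deployment script's AST and reports the STS/MFA calls and credential keyword arguments that the quoted `get_creds()` uses. The name `find_explicit_auth`, the `**` splat heuristic and both sample scripts are constructed for illustration.

```python
import ast

# Call names and keyword arguments taken from the get_creds() helper quoted in the issue.
STS_MFA_CALLS = {"connect_iam", "connect_sts", "get_all_mfa_devices", "assume_role"}
CREDENTIAL_KWARGS = {"aws_access_key_id", "aws_secret_access_key",
                     "aws_security_token", "mfa_serial_number", "mfa_token"}


def find_explicit_auth(source, filename="<deploy>"):
    """Return sorted (line, finding) tuples for hand-rolled STS/MFA or credential passing."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Handles both boto.connect_sts(...) and a bare connect_sts(...)
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name in STS_MFA_CALLS:
            findings.add((node.lineno, f"call:{name}"))
        for kw in node.keywords:
            if kw.arg in CREDENTIAL_KWARGS:
                findings.add((kw.value.lineno, f"kwarg:{kw.arg}"))
            elif kw.arg is None and name and name.startswith("connect_"):
                # connect_x(**some_dict): credentials are being handed over by the caller
                findings.add((node.lineno, f"splat:{name}"))
    return sorted(findings)


# Constructed sample: deployment code that still authenticates by hand.
SAMPLE_BEFORE = '''\
import boto
sts = boto.connect_sts(**aws_config)
role = sts.assume_role(role_arn=arn, role_session_name="s",
                       mfa_serial_number=serial, mfa_token=token)
ec2 = boto.connect_ec2(**creds)
'''

# Constructed sample: the same connection, leaving credential lookup to the SDK.
SAMPLE_AFTER = '''\
import boto
ec2 = boto.connect_ec2()
'''

if __name__ == "__main__":
    for line, finding in find_explicit_auth(SAMPLE_BEFORE):
        print(f"line {line}: {finding}")
    print("after cleanup:", find_explicit_auth(SAMPLE_AFTER))
```

Run over the deployment tooling in CI, a non-empty result flags code that still bypasses the SDK and CLI configuration.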