Remove AWS STS specific code related to deployment
hectcastro opened this issue · comments
Hector Castro commented
Within the tooling used for deployment, remove all AWS STS and MFA specific code. Depend on the SDK and CLI configuration to determine how authentication with AWS should occur:
cac-tripplanner/deployment/auth.py
Lines 19 to 54 in 51673de
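def get_creds(aws_access_key_id, aws_secret_access_key, aws_role_arn):
    """Return temporary AWS credentials for a role assumed with MFA.

    Prompts on stdin for the IAM username and the current MFA token, looks
    up the MFA device registered for that user, and calls STS ``assume_role``
    with the device serial number and token.

    Args:
        aws_access_key_id (str): AWS access key id (public)
        aws_secret_access_key (str): AWS secret key (private)
        aws_role_arn (str): ARN of the role to assume

    Returns:
        dict: ``aws_access_key_id``, ``aws_secret_access_key`` and
        ``aws_security_token`` taken from the assumed-role credentials.
        The dict holds live credentials: do not log or persist it.

    Raises:
        AuthException: if the user has no MFA device, or more than one.
    """
    aws_config = {
        'aws_access_key_id': aws_access_key_id,
        'aws_secret_access_key': aws_secret_access_key,
    }
    iam_conn = boto.connect_iam(**aws_config)
    sts_conn = boto.connect_sts(**aws_config)

    # Surrounding whitespace is never part of an IAM username or an MFA code;
    # strip it so a padded paste does not fail the lookup or the STS call.
    username = input('Please provide AWS username: ').strip()
    mfa_devices = (iam_conn.get_all_mfa_devices(username)
                   ['list_mfa_devices_response']
                   ['list_mfa_devices_result']
                   ['mfa_devices'])

    # Exactly one device is required: with several there is no way to tell
    # which serial number the token typed below belongs to.
    if len(mfa_devices) > 1:
        raise AuthException('Unable to handle a user with multiple MFA devices')
    if not mfa_devices:
        raise AuthException('Must have MFA device to get temporary credentials')

    mfa_serial_number = mfa_devices[0]['serial_number']
    mfa_token = input('Please enter your 6 digit MFA token: ').strip()

    # NOTE(review): the session name is a fixed string, so sessions started by
    # different users are not distinguishable by session name in audit logs.
    # Left unchanged here because a role trust policy may depend on it.
    assumed_role = sts_conn.assume_role(
        role_arn=aws_role_arn,
        role_session_name='AssumeRoleSessionWithMFA',
        mfa_serial_number=mfa_serial_number,
        mfa_token=mfa_token,
    )

    credentials = assumed_role.credentials
    return dict(aws_access_key_id=credentials.access_key,
                aws_secret_access_key=credentials.secret_key,
                aws_security_token=credentials.session_token)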