RefreshableSession#
- class boto3_refresh_session.session.RefreshableSession[source]#
Factory class for configuring boto3 sessions with various different automatic credential refresh methods.
- Parameters:
- methodLiteral[“sts”, “custom”, “iot”] = “sts”, optional
The automatic credential refresh method to use for the session. It must match a registered method name. Options include
"sts" | "custom" | "iot". Default is"sts".- defer_refreshbool = True, optional
If
Truethen temporary credentials are not automatically refreshed until they are explicitly needed. IfFalsethen temporary credentials refresh immediately upon expiration. It is highly recommended that you useTrue. Default isTrue.- advisory_timeoutint = 900, optional
USE THIS ARGUMENT WITH CAUTION!!!
Botocore will attempt to refresh credentials early according to this value (in seconds), but will continue using the existing credentials if refresh fails. Default is 15 minutes (900 seconds).
- mandatory_timeoutint = 600, optional
USE THIS ARGUMENT WITH CAUTION!!!
Botocore requires a successful refresh before continuing. If refresh fails in this window (in seconds), API calls may fail. Default is 10 minutes (600 seconds).
Attributes
cache
(SessionCache) The client and resource cache used to store and retrieve cached clients.
credentials
(TemporaryCredentials) The temporary AWS security credentials.
Methods
client(*args, eviction_policy: EvictionPolicy, max_size: int, **kwargs) -> BaseClient
Creates a low-level service client by name.
get_identity() -> Identity
Returns metadata about the current caller identity.
refreshable_credentials() -> TemporaryCredentials
Returns the current temporary AWS security credentials.
resource(*args, eviction_policy: EvictionPolicy, max_size: int, **kwargs) -> ServiceResource
Creates a low-level service resource by name.
whoami() -> Identity
Alias for
get_identity.- Returns:
- boto3_refresh_session.methods.sts.STSRefreshableSession
If
method="sts"(or not specified) then an instance ofboto3_refresh_session.methods.sts.STSRefreshableSessionis returned.- boto3_refresh_session.methods.custom.CustomRefreshableSession
If
method="custom"then an instance ofboto3_refresh_session.methods.custom.CustomRefreshableSessionis returned.- boto3_refresh_session.methods.iot.x509.IOTX509RefreshableSession
If
method="iot"then an instance ofboto3_refresh_session.methods.iot.x509.IOTX509RefreshableSessionis returned.
- Other Parameters:
- **kwargsAny, optional
Refer to the automatic credential refresh strategies docs for details on what arguments are accepted by each automatic credential refresh method.
Refer to the
boto3.session.Sessiondocs for additional information on configuring boto3 sessions.
See also
Notes
Note
For additional details on client and resource caching, refer to the usage docs.
Note
For additional details on configuring MFA, refer to the MFA usage docs.
Important
method="iot"requires the installation of theiotextra via pip:pip install boto3-refresh-session[iot]
Examples
Basic initialization using STS AssumeRole (i.e.
method="sts"):>>> from boto3_refresh_session import ( ... AssumeRoleConfig, RefreshableSession ... ) >>> session = RefreshableSession( ... assume_role_kwargs=AssumeRoleConfig( ... RoleArn="<your-role-arn>" ... ), ... ) >>> s3 = session.client("s3") >>> s3.list_buckets()
Basic initialization using a custom credential callable (i.e.
method="custom"):>>> from boto3_refresh_session import RefreshableSession >>> def provider(...): ... ... ... return {"access_key": "...", ... "secret_key": "...", ... "token": "...", ... "expiry_time": "..."} ... >>> session = RefreshableSession( ... method="custom", ... custom_credentials_method=provider, ... custom_credentials_method_args={...}, ... ) >>> cloudwatch = session.client("logs") >>> cloudwatch.list_logs()
Basic initialization using IoT X.509 (i.e.
method="iot"):>>> from boto3_refresh_session import RefreshableSession >>> session = RefreshableSession( ... method="iot", ... endpoint="<your-iot-endpoint>", ... thing_name="<your-thing-name>", ... role_alias="<your-role-alias>", ... certificate="path/to/certificate.pem.crt", ... private_key="path/to/private.pem.key", ... ) >>> s3 = session.client("s3") >>> s3.list_buckets()