boto3_refresh_session.methods.iot.IOTX509RefreshableSessionRefreshableSession#

A boto3.session.Session object that automatically refreshes temporary credentials returned by the IoT Core credential provider.

Parameters:

endpointstr: The endpoint URL for the IoT Core credential provider. Must contain ‘.credentials.iot.’.
role_aliasstr: The IAM role alias to use when requesting temporary credentials.
certificatestr | bytes: The X.509 certificate to use when requesting temporary credentials. str represents the file path to the certificate, while bytes represents the actual certificate data.
thing_namestr, optional: The name of the IoT thing to use when requesting temporary credentials. Default is None.
private_keystr | bytes | None, optional: The private key to use when requesting temporary credentials. str represents the file path to the private key, while bytes represents the actual private key data. Optional only if pkcs11 is provided. Default is None.
pkcs11PKCS11, optional: The PKCS#11 library to use when requesting temporary credentials. If provided, private_key must be None.
castr | bytes | None, optional: The CA certificate to use when verifying the IoT Core endpoint. str represents the file path to the CA certificate, while bytes represents the actual CA certificate data. Default is None.
verify_peerbool, optional: Whether to verify the CA certificate when establishing the TLS connection. Default is True.
timeoutfloat | int | None, optional: The timeout for the TLS connection in seconds. Default is 10.0.
duration_secondsint | None, optional: The duration for which the temporary credentials are valid, in seconds. Cannot exceed the value declared in the IAM policy. Default is None.
awscrt_log_levelawscrt.LogLevel | None, optional: The logging level for the AWS CRT library, e.g. awscrt.LogLevel.INFO. Default is None.

Other Parameters:

kwargsdict, optional: Optional keyword arguments for the boto3.session.Session object.

Notes

Gavin Adams at AWS was a major influence on this implementation. Thank you, Gavin!

get_identity() → dict[str, Any][source]#

Returns metadata about the current caller identity.

Returns:

Identity: Dict containing information about the current calleridentity.

Establishes an MQTT connection using the specified parameters.

Added in version 5.1.0.

Parameters:

endpoint: str: The MQTT endpoint to connect to.
client_id: str: The client ID to use for the MQTT connection.
transport: Transport: The transport protocol to use (e.g., “x509” or “ws”).
certificate: str | bytes | None, optional: The client certificate to use for the connection. Defaults to the session certificate.
private_key: str | bytes | None, optional: The private key to use for the connection. Defaults to the session private key.
ca: str | bytes | None, optional: The CA certificate to use for the connection. Defaults to the session CA certificate.
pkcs11: PKCS11 | None, optional: PKCS#11 configuration for hardware-backed keys. Defaults to the session PKCS#11 configuration.
region: str | None, optional: The AWS region to use for the connection. Defaults to the session region.
keep_alive_secs: int, optional: The keep-alive interval for the MQTT connection. Default is 60 seconds.
clean_start: bool, optional: Whether to start a clean session. Default is True.
port: int | None, optional: The port to use for the MQTT connection. Default is 8883 if not using ALPN, otherwise 443.
use_alpn: bool, optional: Whether to use ALPN for the connection. Default is False.

Returns:

awscrt.mqtt.Connection: The established MQTT connection.

property available_profiles[source]#: The profiles available to the session credentials

client(service_name, region_name=None, api_version=None, use_ssl=True, verify=None, endpoint_url=None, aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None, config=None, aws_account_id=None)[source]#

Create a low-level service client by name.

Parameters:

service_name (string) – The name of a service, e.g. ‘s3’ or ‘ec2’. You can get a list of available services via get_available_services.
region_name (string) – The name of the region associated with the client. A client is associated with a single region.
api_version (string) – The API version to use. By default, botocore will use the latest API version when creating a client. You only need to specify this parameter if you want to use a previous API version of the client.
use_ssl (boolean) – Whether or not to use SSL. By default, SSL is used. Note that not all services support non-ssl connections.
verify (boolean/string) –
Whether or not to verify SSL certificates. By default SSL certificates are verified. You can provide the following values:
- False - do not validate SSL certificates. SSL will still be used (unless use_ssl is False), but SSL certificates will not be verified.
- path/to/cert/bundle.pem - A filename of the CA cert bundle to uses. You can specify this argument if you want to use a different CA cert bundle than the one used by botocore.
endpoint_url (string) – The complete URL to use for the constructed client. Normally, botocore will automatically construct the appropriate URL to use when communicating with a service. You can specify a complete URL (including the “http/https” scheme) to override this behavior. If this value is provided, then use_ssl is ignored.
aws_access_key_id (string) – The access key to use when creating the client. This is entirely optional, and if not provided, the credentials configured for the session will automatically be used. You only need to provide this argument if you want to override the credentials used for this specific client.
aws_secret_access_key (string) – The secret key to use when creating the client. Same semantics as aws_access_key_id above.
aws_session_token (string) – The session token to use when creating the client. Same semantics as aws_access_key_id above.
config (botocore.client.Config) – Advanced client configuration options. If region_name is specified in the client config, its value will take precedence over environment variables and configuration values, but not over a region_name value passed explicitly to the method. See botocore config documentation for more details.
aws_account_id (string) – The account id to use when creating the client. Same semantics as aws_access_key_id above.

Returns:

Service client instance

property credentials: RefreshableTemporaryCredentials[source]#: The current temporary AWS security credentials.

property events[source]#: The event emitter for a session

get_available_partitions()[source]#

Lists the available partitions

Return type:: list
Returns:: Returns a list of partition names (e.g., [“aws”, “aws-cn”])

get_available_regions(service_name, partition_name='aws', allow_non_regional=False)[source]#

Lists the region and endpoint names of a particular partition.

The list of regions returned by this method are regions that are explicitly known by the client to exist and is not comprehensive. A region not returned in this list may still be available for the provided service.

Parameters:

service_name (string) – Name of a service to list endpoint for (e.g., s3).
partition_name (string) – Name of the partition to limit endpoints to. (e.g., aws for the public AWS endpoints, aws-cn for AWS China endpoints, aws-us-gov for AWS GovCloud (US) Endpoints, etc.)
allow_non_regional (bool) – Set to True to include endpoints that are not regional endpoints (e.g., s3-external-1, fips-us-gov-west-1, etc).

Returns:

Returns a list of endpoint names (e.g., [“us-east-1”]).

get_available_resources()[source]#

Get a list of available services that can be loaded as resource clients via Session.resource.

Return type:: list
Returns:: List of service names

get_available_services()[source]#

Get a list of available services that can be loaded as low-level clients via Session.client.

Return type:: list
Returns:: List of service names

get_credentials()[source]#: Return the botocore.credentials.Credentials object associated with this session. If the credentials have not yet been loaded, this will attempt to load them. If they have already been loaded, this will return the cached credentials.

get_partition_for_region(region_name)[source]#

Lists the partition name of a particular region.

Parameters:: region_name (string) – Name of the region to list partition for (e.g., us-east-1).
Return type:: string
Returns:: Returns the respective partition name (e.g., aws).

classmethod items() → dict[str, type][source]#: Typed accessor for introspection / debugging.

property profile_name[source]#: The read-only profile name.

refreshable_credentials() → RefreshableTemporaryCredentials[source]#

The current temporary AWS security credentials.

Returns:

RefreshableTemporaryCredentials

Temporary AWS security credentials containing:

AWS_ACCESS_KEY_IDstr: AWS access key identifier.
AWS_SECRET_ACCESS_KEYstr: AWS secret access key.
AWS_SESSION_TOKENstr: AWS session token.

property region_name[source]#: The read-only region name.

resource(service_name, region_name=None, api_version=None, use_ssl=True, verify=None, endpoint_url=None, aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None, config=None)[source]#

Create a resource service client by name.

Parameters:

service_name (string) – The name of a service, e.g. ‘s3’ or ‘ec2’. You can get a list of available services via get_available_resources.
region_name (string) – The name of the region associated with the client. A client is associated with a single region.
api_version (string) – The API version to use. By default, botocore will use the latest API version when creating a client. You only need to specify this parameter if you want to use a previous API version of the client.
use_ssl (boolean) – Whether or not to use SSL. By default, SSL is used. Note that not all services support non-ssl connections.
verify (boolean/string) –
Whether or not to verify SSL certificates. By default SSL certificates are verified. You can provide the following values:
- False - do not validate SSL certificates. SSL will still be used (unless use_ssl is False), but SSL certificates will not be verified.
- path/to/cert/bundle.pem - A filename of the CA cert bundle to uses. You can specify this argument if you want to use a different CA cert bundle than the one used by botocore.
endpoint_url (string) – The complete URL to use for the constructed client. Normally, botocore will automatically construct the appropriate URL to use when communicating with a service. You can specify a complete URL (including the “http/https” scheme) to override this behavior. If this value is provided, then use_ssl is ignored.
aws_access_key_id (string) – The access key to use when creating the client. This is entirely optional, and if not provided, the credentials configured for the session will automatically be used. You only need to provide this argument if you want to override the credentials used for this specific client.
aws_secret_access_key (string) – The secret key to use when creating the client. Same semantics as aws_access_key_id above.
aws_session_token (string) – The session token to use when creating the client. Same semantics as aws_access_key_id above.
config (botocore.client.Config) –
Advanced client configuration options. If region_name is specified in the client config, its value will take precedence over environment variables and configuration values, but not over a region_name value passed explicitly to the method. If user_agent_extra is specified in the client config, it overrides the default user_agent_extra provided by the resource API. See botocore config documentation for more details.

Returns:

Subclass of ServiceResource

boto3_refresh_session.methods.iot.IOTX509RefreshableSessionRefreshableSession#

This Page