STS

boto.sts

boto.sts.connect_to_region(region_name, **kw_params)

Given a valid region name, return a boto.sts.connection.STSConnection.

Type:str
Parameters:region_name – The name of the region to connect to.
Return type:boto.sts.connection.STSConnection or None
Returns:A connection to the given region, or None if an invalid region name is given
boto.sts.regions()

Get all available regions for the STS service.

Return type:list
Returns:A list of boto.regioninfo.RegionInfo instances
class boto.sts.STSConnection(aws_access_key_id=None, aws_secret_access_key=None, is_secure=True, port=None, proxy=None, proxy_port=None, proxy_user=None, proxy_pass=None, debug=0, https_connection_factory=None, region=None, path='/', converter=None, validate_certs=True)
APIVersion = '2011-06-15'
DefaultRegionEndpoint = 'sts.amazonaws.com'
DefaultRegionName = 'us-east-1'
get_federation_token(name, duration=None, policy=None)
Parameters:
  • name (str) – The name of the Federated user associated with the credentials.
  • duration (int) – The number of seconds the credentials should remain valid.
  • policy (str) – A JSON policy to associate with these credentials.
get_session_token(duration=None, force_new=False, mfa_serial_number=None, mfa_token=None)

Return a valid session token. Because retrieving new tokens from the Secure Token Service is a fairly heavyweight operation this module caches previously retrieved tokens and returns them when appropriate. Each token is cached with a key consisting of the region name of the STS endpoint concatenated with the requesting user’s access id. If there is a token in the cache meeting with this key, the session expiration is checked to make sure it is still valid and if so, the cached token is returned. Otherwise, a new session token is requested from STS and it is placed into the cache and returned.

Parameters:
  • duration (int) – The number of seconds the credentials should remain valid.
  • force_new (bool) – If this parameter is True, a new session token will be retrieved from the Secure Token Service regardless of whether there is a valid cached token or not.
  • mfa_serial_number (str) – The serial number of an MFA device. If this is provided and if the mfa_passcode provided is valid, the temporary session token will be authorized with to perform operations requiring the MFA device authentication.
  • mfa_token (str) – The 6 digit token associated with the MFA device.

boto.sts.credentials

class boto.sts.credentials.Credentials(parent=None)
Variables:
  • access_key – The AccessKeyID.
  • secret_key – The SecretAccessKey.
  • session_token – The session token that must be passed with requests to use the temporary credentials
  • expiration – The timestamp for when the credentials will expire
endElement(name, value, connection)
classmethod from_json(json_doc)

Create and return a new Session Token based on the contents of a JSON document.

Parameters:json_doc (str) – A string containing a JSON document with a previously saved Credentials object.
is_expired(time_offset_seconds=0)

Checks to see if the Session Token is expired or not. By default it will check to see if the Session Token is expired as of the moment the method is called. However, you can supply an optional parameter which is the number of seconds of offset into the future for the check. For example, if you supply a value of 5, this method will return a True if the Session Token will be expired 5 seconds from this moment.

Parameters:time_offset_seconds (int) – The number of seconds into the future to test the Session Token for expiration.
classmethod load(file_path)

Create and return a new Session Token based on the contents of a previously saved JSON-format file.

Parameters:file_path (str) – The fully qualified path to the JSON-format file containing the previously saved Session Token information.
save(file_path)

Persist a Session Token to a file in JSON format.

Parameters:path (str) – The fully qualified path to the file where the the Session Token data should be written. Any previous data in the file will be overwritten. To help protect the credentials contained in the file, the permissions of the file will be set to readable/writable by owner only.
startElement(name, attrs, connection)
to_dict()

Return a Python dict containing the important information about this Session Token.

class boto.sts.credentials.FederationToken(parent=None)
Variables:
  • credentials – A Credentials object containing the credentials.
  • federated_user_arn – ARN specifying federated user using credentials.
  • federated_user_id – The ID of the federated user using credentials.
  • packed_policy_size – A percentage value indicating the size of the policy in packed form
endElement(name, value, connection)
startElement(name, attrs, connection)

Table Of Contents

Previous topic

SQS

Next topic

SWF

This Page