aws_assumerole.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import boto3
from boto3.session import Session
from pprint import pprint
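def sts_assume_role(session, account_id, role_name):
    """Assume an IAM role through STS and return a session that uses it.

    Args:
        session: boto3 Session whose credentials are used to call
            ``AssumeRole``.
        account_id: ID of the AWS account that owns the role, as a string.
        role_name: Name of the role to assume. It is appended to the
            ``:role/`` part of the ARN as-is.

    Returns:
        A new boto3 Session built from the temporary access key, secret key
        and session token returned by STS, pinned to ``ap-northeast-1``.

    Any error raised by the STS call propagates to the caller. The returned
    session carries live credentials, so it should not be printed or logged.
    """
    import re  # local import so the block does not depend on a file-level one

    role_arn = "arn:aws:iam::" + account_id + ":role/" + role_name

    # RoleSessionName is what ties the assumed-role activity back to this
    # caller in audit logs. STS accepts at most 64 characters drawn from
    # [\w+=,.@-]; account ID plus a long (or path-qualified) role name can
    # violate both limits, so normalise the value instead of letting the
    # call fail on validation.
    raw_session_name = account_id + role_name
    session_name = re.sub(r"[^\w+=,.@-]", "-", raw_session_name, flags=re.ASCII)[:64]

    region = "ap-northeast-1"
    client = session.client('sts')
    # No DurationSeconds, ExternalId or MFA parameters are passed, so the STS
    # defaults apply and the role's trust policy must allow a plain AssumeRole.
    response = client.assume_role(
        RoleArn=role_arn,
        RoleSessionName=session_name
    )
    credentials = response['Credentials']
    return Session(
        aws_access_key_id=credentials['AccessKeyId'],
        aws_secret_access_key=credentials['SecretAccessKey'],
        aws_session_token=credentials['SessionToken'],
        region_name=region
    )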
# Start from the named profile 'login' and show which account it resolves to.
session = Session(profile_name='login')
client = session.client('sts')
caller_identity = client.get_caller_identity()
account_id = caller_identity["Account"]
print("account_id:", account_id)

# Target of the role switch. The account ID below is a sample value and
# replaces the one looked up above; the role name suggests read-only access.
account_id = "1234567890"
role_name = "example-assumerole-readonly"

# Exchange the login credentials for temporary credentials of the target role.
session2 = sts_assume_role(session, account_id, role_name)

# Calling GetCallerIdentity again confirms the new session really runs in the
# target account before it is used for anything else.
client2 = session2.client('sts')
assumed_identity = client2.get_caller_identity()
account_id2 = assumed_identity["Account"]
print("account_id:", account_id2)