
This is a pretty unique situation, but noteworthy nonetheless. Let's say you have the following Python script to assume my-role. For more details on this, check out my article Amazon Web Services (AWS) - Assume Role or Switch Role using Python boto3.
#!/usr/bin/python3
import boto3
session = boto3.Session(profile_name="johndoe")
client = session.client('sts')
response = client.assume_role(
    RoleArn="arn:aws:iam::123456789012:role/my-role",
    RoleSessionName="AssumeRoleSession1"
)
print(response)
Assuming your system is properly configured to use Python boto3 and that user johndoe is permitted to assume my-role, running this Python script should return something like this.
~]$ python3 example.py
{
'Credentials': {
'AccessKeyId': 'ABD234DKND23DNDK09DK',
'SecretAccessKey': '2YhnHoeArkuTZsvkCj09sOUKT+vdCZltxpmi7LY4',
'SecretAccessKey': 'd34mnFKFM234,mdnsfp098i90+vdCZltxpmi7LY4',
'SessionToken': 'FwoGZXIvYXdzEOr//////////wEaDB1VUCTwlaqgAFS/SSK2AdXHsdfXLp5m6604vH7Cs9CkVvDJJWONEp5u6NfUJj654Ta+91m/lCYpWwrDOXyYZZBqFghGFLeEpyvvdfsdfs9cn8Eyg8zLci5MoaT8okdO+9l8ITt4XeV8VIGksNvjgVC1aIrZHRpFjEY0H5KDKJ7r8NyXzZlz/DhZFHYouJYsdfKth0v23SQURbDBqR1Tn2KzP/88Y4ZJC6GwIKP3j/LEGMi0kYKHR52hwiUvSYKXd8rvnP7zo8rF6+LBsKFQoIgX4XGEih/2KC8rL9ZgycLE=',
'Expiration': datetime.datetime(2024, 5, 11, 9, 53, 17, tzinfo=tzlocal())},
'AssumedRoleUser': {
'AssumedRoleId': 'MADSFA23420934823ASDF234:AssumeRoleSession1',
'Arn': 'arn:aws:sts::123456789012:assumed-role/my-role/AssumeRoleSession1'
},
'ResponseMetadata': {
'RequestId': '990a861b-6601-4659-aade-338e860da33c',
'HTTPStatusCode': 200,
'HTTPHeaders': {
'x-amzn-requestid': '990a861b-6601-4659-aade-338e860da33c',
'content-type': 'text/xml',
'content-length': '1077',
'date': 'Sat, 11 May 2024 08:53:16 GMT'
},
'RetryAttempts': 0
}
}
However, I was running into a situation where Python was hanging, and when I did a keyboard interrupt, I got the following.
]$ python3 testing.py
^CTraceback (most recent call last):
File "/usr/local/scripts/testing.py", line 7, in <module>
response = client.assume_role(
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/client.py", line 553, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/client.py", line 989, in _make_api_call
http, parsed_response = self._make_request(
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/client.py", line 1015, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/endpoint.py", line 119, in make_request
return self._send_request(request_dict, operation_model)
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/endpoint.py", line 199, in _send_request
success_response, exception = self._get_response(
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/endpoint.py", line 241, in _get_response
success_response, exception = self._do_get_response(
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/endpoint.py", line 281, in _do_get_response
http_response = self._send(request)
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/endpoint.py", line 377, in _send
return self.http_session.send(request)
File "/home/jeremy/.local/lib/python3.9/site-packages/botocore/httpsession.py", line 464, in send
urllib_response = conn.urlopen(
File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 381, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 978, in _validate_conn
conn.connect()
File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 309, in connect
conn = self._new_conn()
File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 159, in _new_conn
conn = connection.create_connection(
File "/usr/lib/python3.9/site-packages/urllib3/util/connection.py", line 74, in create_connection
sock.connect(sa)
KeyboardInterrupt
This was happening to me on an EC2 instance in a private subnet with VPC endpoints. So, my EC2 instance only had a local route, and did not have an Internet Gateway or public NAT Gateway.
But I did have an Interface Endpoint with the com.amazonaws.us-east-1.sts (Security Token Service) in the same Virtual Private Cloud (VPC) as my EC2 instance, so I was a bit perplexed as to why my Python script was hanging when attempting to assume role using the STS client.
Long story short, I just had to add region_name and endpoint_url and problem solved!
#!/usr/bin/python3
import boto3
session = boto3.Session(profile_name="johndoe")
client = session.client(
    'sts',
    region_name='us-east-1',
    endpoint_url="https://sts.us-east-1.amazonaws.com"
)
response = client.assume_role(
    RoleArn="arn:aws:iam::123456789012:role/my-role",
    RoleSessionName="AssumeRoleSession1"
)
print(response)
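A standard-library preflight for the hang above, added here as an example and not code from the original article: it resolves the global and the regional STS hostnames, reports whether each lands on addresses inside the VPC (as an interface endpoint with private DNS would), and tries a TCP connect with a timeout instead of blocking in sock.connect. That the unfixed client was targeting the global hostname sts.amazonaws.com is an assumption, as are the VPC CIDR 10.0.0.0/16 and all function names.

```python
import ipaddress
import socket

GLOBAL_STS = "sts.amazonaws.com"
VPC_CIDR = "10.0.0.0/16"  # assumption: replace with your VPC's CIDR

def regional_sts_host(region):
    """Regional STS hostname, e.g. sts.us-east-1.amazonaws.com."""
    return f"sts.{region}.amazonaws.com"

def resolve(host):
    """Return the sorted IPv4 addresses for host, or [] if DNS fails."""
    try:
        infos = socket.getaddrinfo(host, 443, family=socket.AF_INET,
                                   type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses, vpc_cidr=VPC_CIDR):
    """Say whether the resolved addresses sit inside the VPC CIDR."""
    if not addresses:
        return "unresolved"
    net = ipaddress.ip_network(vpc_cidr)
    inside = [ipaddress.ip_address(a) in net for a in addresses]
    if all(inside):
        return "vpc-endpoint"
    return "mixed" if any(inside) else "outside-vpc"

def can_connect(address, timeout=3.0):
    """TCP connect to port 443 with a timeout, so a missing route fails fast."""
    try:
        with socket.create_connection((address, 443), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(host, resolver=resolve, connector=can_connect):
    """Resolve host, classify its addresses, and test reachability."""
    addresses = resolver(host)
    return {
        "host": host,
        "kind": classify(addresses),
        "reachable": any(connector(a) for a in addresses),
    }

if __name__ == "__main__":
    for name in (GLOBAL_STS, regional_sts_host("us-east-1")):
        print(preflight(name))
```

On an instance with only a local route, a result of outside-vpc and unreachable for the global name next to vpc-endpoint and reachable for the regional name is consistent with the endpoint_url fix above.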