dxaws-base provides a foundation for other dxaws modules.
AWS Sessions#
Creating a new AWS session looks something like this:
Default Session (use SSO/profile/env)
aws = AwsSession(profile_name="control")
r53 = aws.client("route53")Assume role into workload account
aws_control = AwsSession(profile_name="control")
aws_workload = aws_control.assume_role(
AssumeRoleSpec(role_arn="arn:aws:iam::123456789012:role/dxaws-workload-admin")
)
r53 = aws_workload.client("route53")If STS creds rotate, don’t try to “refresh in place”. Do this instead:
- assume role again
- create a new AwsSession
- let the old session go out of scope/die naturally This keeps things simple and avoids weird half-expired behaviour.