arn icon indicating copy to clipboard operation
arn copied to clipboard
verified publisher icon instacart

Allow ARNs to retrieve region and account from Boto3 session

Open benkehoe opened this issue 5 years ago • 2 comments

A boto3 Session object has the Session.region_name field, and can call Session.client('sts').get_caller_identity() to discover the account in which it is operating (this call has no authorization check, so it is always allowed). When creating an ARN class, I should be able to tell it to use either the default session, or a session I provide, to discover these values (subject to whether the ARN needs those values, as covered in #7).

benkehoe avatar Aug 21 '20 02:08 benkehoe

Are you imagining it would behave like manually overriding those fields?

So:

SomeArn(
	"arn:aws:...",
    session=some_boto_session,
)

would be a shortcut for

SomeArn(
	"arn:aws:...",
    region=session.region_name,
    account=session.client("sts").get_caller_identity()["Account"]
)

?

Or did you have something else in mind?

francoiscampbell avatar Sep 04 '20 18:09 francoiscampbell

Yes, exactly that, though with two clarifications:

  • I think you should be able to do SomeArn("...", session='default') or =True or whatever and have it use boto3._get_default_session()
  • With #7 it should only extract those values if the ARN needs the region and/or account (so it's not precisely the shortcut you indicate)

benkehoe avatar Sep 04 '20 20:09 benkehoe