in modular_sdk/services/impl/maestro_credentials_service.py [0:0]
def _get_aws_credentials_from_role(self, application: Application,
tenant: Optional[Tenant] = None,
) -> Optional[AWSCredentials]:
meta = AWSRoleApplicationMeta.from_dict(application.meta.as_dict())
role = meta.roleName
account_id = tenant.project if tenant else meta.accountNumber
if not role:
return
role_arn = self._sts_service.build_role_arn(role, account_id)
try:
creds = self._sts_service.assume_role(
role_arn=role_arn,
duration=3600,
role_session_name=f'credentials-service-{str(int(time()))}'
)
return AWSCredentials(
AWS_ACCESS_KEY_ID=creds['aws_access_key_id'],
AWS_SECRET_ACCESS_KEY=creds['aws_secret_access_key'],
AWS_SESSION_TOKEN=creds['aws_session_token'],
AWS_DEFAULT_REGION=self._default_aws_region()
)
except (ClientError, ConnectionAbortedError) as e:
_LOG.warning(f'Error occurred trying to assume role: {role}. {e}')
return