Python: Using MFA Cache with boto3 and botocore

26 Jul 2020

I wanted to develop a CLI tool using boto3. If MFA is enabled, it will keep asking for a token every time application tries to create a new session. It is a bit annoying to enter the token every time. I found a way to reuse the credential cache.

We will need both boto3 and botocore modules. boto3 no longer has the ability to create a session alone from the cache.

#!/usr/bin/env python3
import os

from boto3 import Session
import botocore

PROFILE_NAME = 'staging'
REGION = 'eu-west-1'


def print_all_the_buckets(profile_name, region):
    boto_core_session = botocore.session.Session(
        profile=profile_name
    )

    provider = boto_core_session.get_component('credential_provider').get_provider('assume-role')

    cache = os.path.join(
        os.path.expanduser('~'),
        '.aws/' + profile_name + '/cache'
    )

    provider.cache = botocore.credentials.JSONFileCache(cache)

    boto_session = Session(
        botocore_session=boto_core_session,
        profile_name=profile_name
    )

    client = boto_session.client('s3', region_name=region)

    bucket_list = client.list_buckets()

    for bucket in bucket_list['Buckets']:
        print(bucket['Name'])


print_all_the_buckets(PROFILE_NAME, REGION)

Tags

  • python
  • aws
  • boto
  • credentials
  • cache