Skip to content

Reference

Session Class

Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
class IAMRolesAnywhereSession:
    def __init__(
        self,
        profile_arn: str,
        role_arn: str,
        trust_anchor_arn: str,
        certificate: Union[str, bytes],
        private_key: Union[str, bytes],
        certificate_chain: Optional[Union[str, bytes]] = None,
        private_key_passphrase: Optional[str] = None,
        session_duration: Optional[int] = 3600,
        region: Optional[str] = "us-east-1",
        service_name: Optional[str] = "rolesanywhere",
        endpoint: Optional[str] = None,
        proxies: Optional[ProxyConfig] = {},
        proxies_config: Optional[AdditionalProxyConfig] = {},
    ) -> None:
        # IAM Roles Anywhere variables

        self.profile_arn = profile_arn
        self.role_arn = role_arn
        self.trust_anchor_arn = trust_anchor_arn
        self.session_duration = session_duration
        self.region_name = region
        self.service_name = service_name
        self.endpoint = (
            endpoint or f"{self.service_name}.{self.region_name}.amazonaws.com"
        )

        # Certificates loading
        self.certificate = certificate
        self.certificate_chain = certificate_chain

        # Private key loading
        self.private_key_passphrase = private_key_passphrase
        self.private_key = private_key

        self.proxies = proxies
        self.proxies_config = proxies_config
        self._session = URLLib3Session(
            proxies=self.proxies, proxies_config=self.proxies_config
        )

        self._request_signer = IAMRolesAnywhereSigner(
            certificate=self.certificate,
            private_key=self.private_key,
            certificate_chain=self.certificate_chain,
            private_key_passphrase=self.private_key_passphrase,
            region=self.region_name,
            service_name=self.service_name,
        )

    def get_session(self, **kwargs) -> Session:
        """Get a botocore session

        Args:
            kwargs (dict): Key value of configuration parameter for Session object

        Returns:
            Session: Botocore session object
        """
        session = get_botocore_session()
        session._credentials = self.get_refreshable_credentials()

        # Default session region
        session.set_config_variable("region", self.region_name)

        # Set proxy configuration
        session.set_config_variable("proxies", self.proxies)
        session.set_config_variable("proxies_config", self.proxies_config)

        for k, v in kwargs.items():
            session.set_config_variable(k, v)
        return Session(botocore_session=session)

    def get_refreshable_credentials(self) -> DeferredRefreshableCredentials:
        """Return refreshable credentials

        Returns:
            DeferredRefreshableCredentials: set credentials needed to authentificate requests. Credentials will be auto refreshed when needed.
        """

        return DeferredRefreshableCredentials(
            refresh_using=self.__get_credentials, method="custom-roles-anywhere"
        )

    def __get_credentials(self) -> IAMCredentials:
        """Compute and make the request to rolesanywhere endpoint to retrieve IAM Credentials

        Returns:
            dict: Dict of AWS Credentials acquired from rolesanywhere: {
                "access_key": accessKeyId,
                "secret_key": secretAccessKey,
                "token": sessionToken,
                "expiry_time": expirationTime,
            }
        """

        method = "POST"

        url = f"https://{self.endpoint}/sessions"

        data = {
            "durationSeconds": self.session_duration,
            "profileArn": self.profile_arn,
            "roleArn": self.role_arn,
            "trustAnchorArn": self.trust_anchor_arn,
        }

        # Generate a HTTP Request
        credentials_request = AWSRequest(method=method, url=url, data=json.dumps(data))

        # Add auth to request
        self._request_signer.add_auth(credentials_request)

        # Make the request
        credentials_request_resp: AWSResponse = self._session.send(
            credentials_request.prepare()
        )

        log.debug(credentials_request_resp.text)

        # Load the results
        credentials_request_response_text = json.loads(credentials_request_resp.text)
        if credentials_request_resp.status_code > 299:
            log.error(credentials_request_response_text["message"])
            raise Exception(credentials_request_response_text["message"])

        aws_creds = (
            credentials_request_response_text
            .get("credentialSet")[0]
            .get("credentials")
        )

        return {
            "access_key": aws_creds.get("accessKeyId"),
            "secret_key": aws_creds.get("secretAccessKey"),
            "token": aws_creds.get("sessionToken"),
            "expiry_time": aws_creds.get("expiration"),
        }

__get_credentials()

Compute and make the request to rolesanywhere endpoint to retrieve IAM Credentials

Returns:

Name Type Description
dict IAMCredentials

Dict of AWS Credentials acquired from rolesanywhere: { "access_key": accessKeyId, "secret_key": secretAccessKey, "token": sessionToken, "expiry_time": expirationTime,
IAMCredentials

}
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
def __get_credentials(self) -> IAMCredentials:
    """Compute and make the request to rolesanywhere endpoint to retrieve IAM Credentials

    Returns:
        dict: Dict of AWS Credentials acquired from rolesanywhere: {
            "access_key": accessKeyId,
            "secret_key": secretAccessKey,
            "token": sessionToken,
            "expiry_time": expirationTime,
        }
    """

    method = "POST"

    url = f"https://{self.endpoint}/sessions"

    data = {
        "durationSeconds": self.session_duration,
        "profileArn": self.profile_arn,
        "roleArn": self.role_arn,
        "trustAnchorArn": self.trust_anchor_arn,
    }

    # Generate a HTTP Request
    credentials_request = AWSRequest(method=method, url=url, data=json.dumps(data))

    # Add auth to request
    self._request_signer.add_auth(credentials_request)

    # Make the request
    credentials_request_resp: AWSResponse = self._session.send(
        credentials_request.prepare()
    )

    log.debug(credentials_request_resp.text)

    # Load the results
    credentials_request_response_text = json.loads(credentials_request_resp.text)
    if credentials_request_resp.status_code > 299:
        log.error(credentials_request_response_text["message"])
        raise Exception(credentials_request_response_text["message"])

    aws_creds = (
        credentials_request_response_text
        .get("credentialSet")[0]
        .get("credentials")
    )

    return {
        "access_key": aws_creds.get("accessKeyId"),
        "secret_key": aws_creds.get("secretAccessKey"),
        "token": aws_creds.get("sessionToken"),
        "expiry_time": aws_creds.get("expiration"),
    }

get_refreshable_credentials()

Return refreshable credentials

Returns:

Name Type Description
DeferredRefreshableCredentials DeferredRefreshableCredentials

set credentials needed to authentificate requests. Credentials will be auto refreshed when needed.
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
163
164
165
166
167
168
169
170
171
172
def get_refreshable_credentials(self) -> DeferredRefreshableCredentials:
    """Return refreshable credentials

    Returns:
        DeferredRefreshableCredentials: set credentials needed to authentificate requests. Credentials will be auto refreshed when needed.
    """

    return DeferredRefreshableCredentials(
        refresh_using=self.__get_credentials, method="custom-roles-anywhere"
    )

get_session(**kwargs)

Get a botocore session

Parameters:

Name Type Description Default
kwargs dict

Key value of configuration parameter for Session object

 {}

Returns:

Name Type Description
Session Session

Botocore session object
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
def get_session(self, **kwargs) -> Session:
    """Get a botocore session

    Args:
        kwargs (dict): Key value of configuration parameter for Session object

    Returns:
        Session: Botocore session object
    """
    session = get_botocore_session()
    session._credentials = self.get_refreshable_credentials()

    # Default session region
    session.set_config_variable("region", self.region_name)

    # Set proxy configuration
    session.set_config_variable("proxies", self.proxies)
    session.set_config_variable("proxies_config", self.proxies_config)

    for k, v in kwargs.items():
        session.set_config_variable(k, v)
    return Session(botocore_session=session)

Signer Class

Bases: SigV4Auth

Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
class IAMRolesAnywhereSigner(SigV4Auth):
    def __init__(
        self,
        certificate: Union[str, bytes],
        private_key: Union[str, bytes],
        certificate_chain: Optional[Union[str, bytes]] = None,
        private_key_passphrase: Optional[str] = None,
        region: Optional[str] = "us-east-1",
        service_name: Optional[str] = "rolesanywhere",
    ) -> None:
        # Certificates loading
        self.certificate = self.__load_certificate(certificate)
        self.certificate_chain = (
            self.__load_certificate_chain(certificate_chain)
            if certificate_chain
            else None
        )

        # Private key loading
        self.private_key_passphrase = (
            private_key_passphrase.encode() if private_key_passphrase else None
        )
        self.private_key = self.__load_private_key(
            private_key, self.private_key_passphrase
        )
        self.private_key_type = self.__get_privatekey_type()

        super().__init__(
            credentials=None, service_name=service_name, region_name=region
        )

    def add_auth(self, request: AWSRequest) -> None:
        datetime_now = datetime.utcnow()
        request.context["timestamp"] = datetime_now.strftime(SIGV4_TIMESTAMP)

        self._modify_request_before_signing(request)
        canonical_request = self.canonical_request(request)

        log.debug("Calculating signature using v4 auth.")
        log.debug("CanonicalRequest:\n%s", canonical_request)
        string_to_sign = self.string_to_sign(request, canonical_request)

        log.debug("StringToSign:\n%s", string_to_sign)

        signature = self.signature(string_to_sign)
        log.debug("Signature:\n%s", signature)

        self._inject_signature_to_request(request, signature)

    def _inject_signature_to_request(
        self, request: AWSRequest, signature: str
    ) -> AWSRequest:
        x509_serial_number = "%d" % self.certificate.serial_number

        auth_str = [
            f"{self.algorithm} Credential={x509_serial_number}/%s" % self.scope(request)
        ]
        headers_to_sign = self.headers_to_sign(request)
        auth_str.append(f"SignedHeaders={self.signed_headers(headers_to_sign)}")
        auth_str.append("Signature=%s" % signature)
        request.headers["Authorization"] = ", ".join(auth_str)
        return request

    def signature(self, string_to_sign) -> str:
        return crypto.sign(
            self.private_key, (string_to_sign).encode("utf-8"), "sha256"
        ).hex()

    def scope(self, request: AWSRequest) -> str:
        scope = []
        scope.append(request.context["timestamp"][0:8])
        scope.append(self._region_name)
        scope.append(self._service_name)
        scope.append("aws4_request")
        return "/".join(scope)

    def string_to_sign(self, request: AWSRequest, canonical_request: str) -> str:
        """
        Return the canonical StringToSign as well as a dict
        containing the original version of all headers that
        were included in the StringToSign.
        """
        sts = [self.algorithm]
        sts.append(request.context["timestamp"])  # amz date
        sts.append(self.credential_scope(request))
        sts.append(hashlib.sha256(canonical_request.encode("utf-8")).hexdigest())
        return "\n".join(sts)

    def _modify_request_before_signing(self, request: AWSRequest) -> None:
        request.headers[
            "Host"
        ] = f"{self._service_name}.{self._region_name}.amazonaws.com"
        request.headers["Content-Type"] = "application/x-amz-json-1.0"
        self._set_necessary_date_headers(request)
        request.headers["X-Amz-X509"] = self.__encode_to_der(self.certificate)

        if self.certificate_chain is not None:
            request.headers["X-Amz-X509-Chain"] = self.__encode_to_der(
                self.certificate_chain
            )

    @staticmethod
    def __encode_to_der(cert: Union[x509.Certificate, List[x509.Certificate]]) -> str:
        """Encode certificate or chain to der

        Args:
            cert (Union[x509.Certificate, List[x509.Certificate]]): Representation of the certificate(s) in PEM format.

        Returns:
            str: return the certificate(s) encoded in der format
        """

        def encode_der(certificate):
            return (
                base64.b64encode(certificate.public_bytes(serialization.Encoding.DER))
                .decode("utf-8")
                .strip()
            )

        if isinstance(cert, x509.Certificate):
            return encode_der(cert)

        _certs = [encode_der(crt) for crt in cert]
        return ",".join(_certs)

    @staticmethod
    def __load_certificate_chain(
        certificate_chain: Union[str, bytes]
    ) -> List[x509.Certificate]:
        """Load a certificate chain

        Args:
            certificate_chain (Union[str, bytes]): Representation of the certificate chain in PEM format.

        Returns:
            List[x509.Certificate]: return a list of certificate
        """

        if isinstance(certificate_chain, bytes):
            return x509.load_pem_x509_certificates(certificate_chain)

        with open(certificate_chain, "rb") as cert_chain_pem_file:
            return x509.load_pem_x509_certificates(cert_chain_pem_file.read())

    @staticmethod
    def __load_certificate(certificate: Union[str, bytes]) -> x509.Certificate:
        """Load the certificate

        Args:
            certificate (Union[str, bytes]): Representation of the certificate in PEM format.

        Returns:
            x509.Certificate: return the certificate
        """
        if isinstance(certificate, bytes):
            return x509.load_pem_x509_certificate(certificate, default_backend())

        with open(certificate, "rb") as cert_pem_file:
            return x509.load_pem_x509_certificate(
                cert_pem_file.read(), default_backend()
            )

    @staticmethod
    def __load_private_key(
        private_key: Union[str, bytes], passphrase: Optional[str] = None
    ) -> PKey:
        """Load the private key

        Args:
            private_key (Union[str, bytes]): Representation of the private key in PEM format.

        Returns:
            PKey: return a Pkey object
        """
        if isinstance(private_key, bytes):
            return crypto.load_privatekey(
                crypto.FILETYPE_PEM, private_key, passphrase=passphrase
            )
        with open(private_key, "rb") as private_key:
            return crypto.load_privatekey(
                crypto.FILETYPE_PEM, private_key.read(), passphrase=passphrase
            )

    def __get_privatekey_type(self) -> str:
        """Get the private key type and raise an error for unsupported type

        Raises:
            Exception: Private key is not supported
            Exception: The object provided is not a PKey object

        Returns:
            str: Type of the key, RSA or ECDSA.
        """
        if isinstance(self.private_key, PKey):
            if self.private_key.type() == crypto.TYPE_EC:
                return "ECDSA"
            elif self.private_key.type() == crypto.TYPE_RSA:
                return "RSA"
            else:
                raise Exception("Private Key type is not supported")
        else:
            raise Exception("Object is not a Pkey instance")

    @property
    def algorithm(self) -> str:
        return f"AWS4-X509-{self.private_key_type}-{self.certificate.signature_hash_algorithm.name.upper()}"

__encode_to_der(cert) staticmethod

Encode certificate or chain to der

Parameters:

Name Type Description Default
cert Union[x509.Certificate, List[x509.Certificate]]

Representation of the certificate(s) in PEM format.

 required

Returns:

Name Type Description
str str

return the certificate(s) encoded in der format
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
@staticmethod
def __encode_to_der(cert: Union[x509.Certificate, List[x509.Certificate]]) -> str:
    """Encode certificate or chain to der

    Args:
        cert (Union[x509.Certificate, List[x509.Certificate]]): Representation of the certificate(s) in PEM format.

    Returns:
        str: return the certificate(s) encoded in der format
    """

    def encode_der(certificate):
        return (
            base64.b64encode(certificate.public_bytes(serialization.Encoding.DER))
            .decode("utf-8")
            .strip()
        )

    if isinstance(cert, x509.Certificate):
        return encode_der(cert)

    _certs = [encode_der(crt) for crt in cert]
    return ",".join(_certs)

__get_privatekey_type()

Get the private key type and raise an error for unsupported type

Raises:

Type Description
Exception

Private key is not supported
Exception

The object provided is not a PKey object

Returns:

Name Type Description
str str

Type of the key, RSA or ECDSA.
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
def __get_privatekey_type(self) -> str:
    """Get the private key type and raise an error for unsupported type

    Raises:
        Exception: Private key is not supported
        Exception: The object provided is not a PKey object

    Returns:
        str: Type of the key, RSA or ECDSA.
    """
    if isinstance(self.private_key, PKey):
        if self.private_key.type() == crypto.TYPE_EC:
            return "ECDSA"
        elif self.private_key.type() == crypto.TYPE_RSA:
            return "RSA"
        else:
            raise Exception("Private Key type is not supported")
    else:
        raise Exception("Object is not a Pkey instance")

__load_certificate(certificate) staticmethod

Load the certificate

Parameters:

Name Type Description Default
certificate Union[str, bytes]

Representation of the certificate in PEM format.

 required

Returns:

Type Description
x509.Certificate

x509.Certificate: return the certificate
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
@staticmethod
def __load_certificate(certificate: Union[str, bytes]) -> x509.Certificate:
    """Load the certificate

    Args:
        certificate (Union[str, bytes]): Representation of the certificate in PEM format.

    Returns:
        x509.Certificate: return the certificate
    """
    if isinstance(certificate, bytes):
        return x509.load_pem_x509_certificate(certificate, default_backend())

    with open(certificate, "rb") as cert_pem_file:
        return x509.load_pem_x509_certificate(
            cert_pem_file.read(), default_backend()
        )

__load_certificate_chain(certificate_chain) staticmethod

Load a certificate chain

Parameters:

Name Type Description Default
certificate_chain Union[str, bytes]

Representation of the certificate chain in PEM format.

 required

Returns:

Type Description
List[x509.Certificate]

List[x509.Certificate]: return a list of certificate
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
@staticmethod
def __load_certificate_chain(
    certificate_chain: Union[str, bytes]
) -> List[x509.Certificate]:
    """Load a certificate chain

    Args:
        certificate_chain (Union[str, bytes]): Representation of the certificate chain in PEM format.

    Returns:
        List[x509.Certificate]: return a list of certificate
    """

    if isinstance(certificate_chain, bytes):
        return x509.load_pem_x509_certificates(certificate_chain)

    with open(certificate_chain, "rb") as cert_chain_pem_file:
        return x509.load_pem_x509_certificates(cert_chain_pem_file.read())

__load_private_key(private_key, passphrase=None) staticmethod

Load the private key

Parameters:

Name Type Description Default
private_key Union[str, bytes]

Representation of the private key in PEM format.

 required

Returns:

Name Type Description
PKey PKey

return a Pkey object
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
@staticmethod
def __load_private_key(
    private_key: Union[str, bytes], passphrase: Optional[str] = None
) -> PKey:
    """Load the private key

    Args:
        private_key (Union[str, bytes]): Representation of the private key in PEM format.

    Returns:
        PKey: return a Pkey object
    """
    if isinstance(private_key, bytes):
        return crypto.load_privatekey(
            crypto.FILETYPE_PEM, private_key, passphrase=passphrase
        )
    with open(private_key, "rb") as private_key:
        return crypto.load_privatekey(
            crypto.FILETYPE_PEM, private_key.read(), passphrase=passphrase
        )

string_to_sign(request, canonical_request)

Return the canonical StringToSign as well as a dict containing the original version of all headers that were included in the StringToSign.

Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
306
307
308
309
310
311
312
313
314
315
316
def string_to_sign(self, request: AWSRequest, canonical_request: str) -> str:
    """
    Return the canonical StringToSign as well as a dict
    containing the original version of all headers that
    were included in the StringToSign.
    """
    sts = [self.algorithm]
    sts.append(request.context["timestamp"])  # amz date
    sts.append(self.credential_scope(request))
    sts.append(hashlib.sha256(canonical_request.encode("utf-8")).hexdigest())
    return "\n".join(sts)

Typed Dict

Bases: TypedDict

A dictionary of proxy servers to use by protocol or endpoint

Parameters:

Name Type Description Default
http_proxy str

http proxy server with port

 required
https_proxy str

https proxy server with port

 required

Examples:

{'https': "http://URL:PORT", 'http': "http://URL:PORT"}

Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
49
50
51
52
53
54
55
56
57
58
59
60
61
62
class ProxyConfig(TypedDict):
    """A dictionary of proxy servers to use by protocol or
        endpoint

    Args:
        http_proxy (str): http proxy server with port
        https_proxy (str): https proxy server with port

    Examples:
        `{'https': "http://URL:PORT", 'http': "http://URL:PORT"}`
    """

    http_proxy: str
    https_proxy: str

Bases: TypedDict

A dictionary of additional proxy configurations.

Parameters:

Name Type Description Default
* proxy_ca_bundle (str

-- The path to a custom certificate bundle to use when establishing SSL/TLS connections with proxy.

 required
* proxy_client_cert (str,tuple

-- The path to a certificate for proxy TLS client authentication. When a str is provided it is treated as a path to a proxy client certificate. When a two element tuple is provided, it will be interpreted as the path to the client certificate, and the path to the certificate key.

 required
* proxy_use_forwarding_for_http (bool

-- For HTTPS proxies, forward your requests to HTTPS destinations with an absolute URI. We strongly recommend you only use this option with trusted or corporate proxies. Value must be boolean.

 required
Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
class AdditionalProxyConfig(TypedDict):
    """A dictionary of additional proxy configurations.

    Args:
        * proxy_ca_bundle (str): -- The path to a custom certificate bundle to use
            when establishing SSL/TLS connections with proxy.
        * proxy_client_cert (str,tuple): -- The path to a certificate for proxy
          TLS client authentication.
          When a str is provided it is treated as a path to a proxy client
          certificate. When a two element tuple is provided, it will be
          interpreted as the path to the client certificate, and the path
          to the certificate key.
        * proxy_use_forwarding_for_http (bool): -- For HTTPS proxies,
          forward your requests to HTTPS destinations with an absolute
          URI. We strongly recommend you only use this option with
          trusted or corporate proxies. Value must be boolean.
    """

    proxy_ca_bundle: str
    proxy_client_cert: Union[str, tuple]
    proxy_use_forwarding_for_https: bool

Bases: TypedDict

IAMCredentials.

Source code in iam_rolesanywhere_session/iam_rolesanywhere_session.py 
40
41
42
43
44
45
46
class IAMCredentials(TypedDict):
    """IAMCredentials."""

    access_key: str
    secret_key: str
    token: str
    expiry_time: str