
STS
***


boto.sts
========

boto.sts.connect_to_region(region_name, **kw_params)

   Given a valid region name, return a
   "boto.sts.connection.STSConnection".

   Type :
      str

   Parameters:
      **region_name** -- The name of the region to connect to.

   Return type:
      "boto.sts.connection.STSConnection" or "None"

   Returns:
      A connection to the given region, or None if an invalid region
      name is given

boto.sts.regions()

   Get all available regions for the STS service.

   Return type:
      list

   Returns:
      A list of "boto.regioninfo.RegionInfo" instances

class class boto.sts.STSConnection(aws_access_key_id=None, aws_secret_access_key=None, is_secure=True, port=None, proxy=None, proxy_port=None, proxy_user=None, proxy_pass=None, debug=0, https_connection_factory=None, region=None, path='/', converter=None, validate_certs=True)

   APIVersion = '2011-06-15'

   DefaultRegionEndpoint = 'sts.amazonaws.com'

   DefaultRegionName = 'us-east-1'

   assume_role(role_arn, role_session_name, policy=None, duration_seconds=None, external_id=None)

      Returns a set of temporary credentials that the caller can use
      to access resources that are allowed by the temporary
      credentials.  The credentials are valid for the duration that
      the caller specified, which can be from 15 minutes (900 seconds)
      to 1 hour (3600 seconds)

      Parameters:
         * **role_arn** (*str*) -- The Amazon Resource Name (ARN) of
           the role that the caller is assuming.

         * **role_session_name** (*str*) -- The session name of the
           temporary security credentials. The session name is part of
           the AssumedRoleUser.

         * **policy** (*str*) -- A supplemental policy that can be
           associated with the temporary security credentials. The
           caller can limit the permissions that are available on the
           role's temporary security credentials to maintain the least
           amount of privileges.  When a service call is made with the
           temporary security credentials, both policies (the role
           policy and supplemental policy) are checked.

         * **duration_seconds** (*int*) -- he duration, in seconds, of
           the role session. The value can range from 900 seconds (15
           minutes) to 3600 seconds (1 hour).  By default, the value
           is set to 3600 seconds.

         * **external_id** (*str*) -- A unique identifier that is used
           by third-party services to ensure that they are assuming a
           role that corresponds to the correct users. For third-party
           services that have access to resources across multiple AWS
           accounts, the unique client ID helps third-party services
           simplify access control verification.

      Returns:
         An instance of "boto.sts.credentials.AssumedRole"

   get_federation_token(name, duration=None, policy=None)

      Parameters:
         * **name** (*str*) -- The name of the Federated user
           associated with the credentials.

         * **duration** (*int*) -- The number of seconds the
           credentials should remain valid.

         * **policy** (*str*) -- A JSON policy to associate with these
           credentials.

   get_session_token(duration=None, force_new=False, mfa_serial_number=None, mfa_token=None)

      Return a valid session token.  Because retrieving new tokens
      from the Secure Token Service is a fairly heavyweight operation
      this module caches previously retrieved tokens and returns them
      when appropriate.  Each token is cached with a key consisting of
      the region name of the STS endpoint concatenated with the
      requesting user's access id.  If there is a token in the cache
      meeting with this key, the session expiration is checked to make
      sure it is still valid and if so, the cached token is returned.
      Otherwise, a new session token is requested from STS and it is
      placed into the cache and returned.

      Parameters:
         * **duration** (*int*) -- The number of seconds the
           credentials should remain valid.

         * **force_new** (*bool*) -- If this parameter is True, a new
           session token will be retrieved from the Secure Token
           Service regardless of whether there is a valid cached token
           or not.

         * **mfa_serial_number** (*str*) -- The serial number of an
           MFA device. If this is provided and if the mfa_passcode
           provided is valid, the temporary session token will be
           authorized with to perform operations requiring the MFA
           device authentication.

         * **mfa_token** (*str*) -- The 6 digit token associated with
           the MFA device.


boto.sts.credentials
====================

class class boto.sts.credentials.AssumedRole(connection=None, credentials=None, user=None)

   Variables:
      * **user** -- The assumed role user.

      * **credentials** -- A Credentials object containing the
        credentials.

   endElement(name, value, connection)

   startElement(name, attrs, connection)

class class boto.sts.credentials.Credentials(parent=None)

   Variables:
      * **access_key** -- The AccessKeyID.

      * **secret_key** -- The SecretAccessKey.

      * **session_token** -- The session token that must be passed
        with requests to use the temporary credentials

      * **expiration** -- The timestamp for when the credentials will
        expire

   endElement(name, value, connection)

   classmethod from_json(json_doc)

      Create and return a new Session Token based on the contents of a
      JSON document.

      Parameters:
         **json_doc** (*str*) -- A string containing a JSON document
         with a previously saved Credentials object.

   is_expired(time_offset_seconds=0)

      Checks to see if the Session Token is expired or not.  By
      default it will check to see if the Session Token is expired as
      of the moment the method is called.  However, you can supply an
      optional parameter which is the number of seconds of offset into
      the future for the check.  For example, if you supply a value of
      5, this method will return a True if the Session Token will be
      expired 5 seconds from this moment.

      Parameters:
         **time_offset_seconds** (*int*) -- The number of seconds into
         the future to test the Session Token for expiration.

   classmethod load(file_path)

      Create and return a new Session Token based on the contents of a
      previously saved JSON-format file.

      Parameters:
         **file_path** (*str*) -- The fully qualified path to the
         JSON-format file containing the previously saved Session
         Token information.

   save(file_path)

      Persist a Session Token to a file in JSON format.

      Parameters:
         **path** (*str*) -- The fully qualified path to the file
         where the the Session Token data should be written.  Any
         previous data in the file will be overwritten.  To help
         protect the credentials contained in the file, the
         permissions of the file will be set to readable/writable by
         owner only.

   startElement(name, attrs, connection)

   to_dict()

      Return a Python dict containing the important information about
      this Session Token.

class class boto.sts.credentials.FederationToken(parent=None)

   Variables:
      * **credentials** -- A Credentials object containing the
        credentials.

      * **federated_user_arn** -- ARN specifying federated user using
        credentials.

      * **federated_user_id** -- The ID of the federated user using
        credentials.

      * **packed_policy_size** -- A percentage value indicating the
        size of the policy in packed form

   endElement(name, value, connection)

   startElement(name, attrs, connection)

class class boto.sts.credentials.User(arn=None, assume_role_id=None)

   Variables:
      * **arn** -- The arn of the user assuming the role.

      * **assume_role_id** -- The identifier of the assumed role.

   endElement(name, value, connection)

   startElement(name, attrs, connection)
