mikha
asked on
Programmatic access to AWS resources?
I am new to AWS. Will it be possible to connect to an AWS resource just by defining a role and a policy, without adding a user?
I went through an example of creating a user, assigning a policy and then generating an access and secret key.
Question: is it possible to achieve such programmatic access without defining a user? Any code samples would be helpful.
import json
from elasticsearch import Elasticsearch, RequestsHttpConnection
from requests_aws4auth import AWS4Auth

my_region = 'us-east-1'
my_service = 'es'
my_eshost = 'search-mydomain-akjdfkdjfkadjkdj.us-east-1.es.amazonaws.com'

# Sign requests with the IAM user's access key ID and secret access key
aws_auth = AWS4Auth('AOIEFAFKAK', '+7mMoIpn/SLJD+q8cnSMQ1jATXQGdkfjakldGwU6u', my_region, my_service)

# Connect to the domain over HTTPS with certificate verification enabled
es = Elasticsearch(hosts=[{'host': my_eshost, 'port': 443}],
                   http_auth=aws_auth, use_ssl=True, verify_certs=True,
                   connection_class=RequestsHttpConnection)
print(json.dumps(es.info(), indent=2))
Correct. If you are programming outside your AWS environment, you will need to have an access key in order to access the AWS resource. Inside your AWS environment you can use roles.
ASKER
@Adelaido - sorry, I had a follow-up question. I can open a new question if I need to.
My question is: if a user is logging in via SAML, as a federated user within the organization, as explained here https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html , is it possible to set up programmatic access for this federated user (this user is actually an IAM role)?
I haven't had a chance to play around with SAML or Identity Federation, but it looks like you might be able to give users temporary access using AWS STS (AWS Security Token Service) in your scripts.
"You can manage your user identities in an external system outside of AWS and grant users who sign in from those systems access to perform AWS tasks and access your AWS resources. "
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
Feel free to post your question as a new question in case other people have had experience with SAML and Federation.
Hope this helps.
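As an added example (not part of the original thread or any poster's code), this standard-library Python shows how a request to the Elasticsearch domain is SigV4-signed with temporary role credentials of the kind AWS STS returns: compared with a user's key pair, the only addition is the session token, sent as a signed `x-amz-security-token` header. The function name `sign_get`, the host used in testing and the credential values are constructed for illustration.

```python
import datetime
import hashlib
import hmac

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_get(creds, host, path, region, service, now=None):
    """SigV4 headers for GET https://host/path; creds has the STS Credentials shape."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    day = amz_date[:8]
    # The session token is what distinguishes temporary role credentials from
    # a user's long-term key pair; it is sent as a header and signed with the rest.
    headers = {
        "host": host,
        "x-amz-date": amz_date,
        "x-amz-security-token": creds["SessionToken"],
    }
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        "GET", path, "",  # method, canonical URI, empty query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, hashlib.sha256(b"").hexdigest(),  # hash of the empty body
    ])
    scope = f"{day}/{region}/{service}/aws4_request"
    to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical.encode()).hexdigest(),
    ])
    # Derive the signing key: secret -> date -> region -> service -> terminator.
    key = ("AWS4" + creds["SecretAccessKey"]).encode()
    for part in (day, region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={creds['AccessKeyId']}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}"
    )
    return headers

# Constructed sample values, not real credentials.
SAMPLE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLEKEYID",
    "SecretAccessKey": "example-secret",
    "SessionToken": "example-session-token",
}
```

With requests_aws4auth, the same token is supplied through the `session_token` argument of `AWS4Auth`.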
ASKER
@Adelaido Jimenez - thanks.
ASKER
So without creating a user, there isn't a way to push documents to the Elasticsearch service from a local machine.