
Programmatic access to AWS resources?

mikha asked
Last Modified: 2020-07-07
I am new to AWS. Will it be possible to connect to an AWS resource just by defining a role and a policy, without adding a user?

I went through an example of creating a user, assigning a policy and then generating an access key and secret key.

Question: is it possible to achieve such programmatic access without defining a user? Any code samples would be helpful.

import json
from elasticsearch import Elasticsearch, RequestsHttpConnection
from requests_aws4auth import AWS4Auth

my_region = 'us-east-1'
my_service = 'es'
my_eshost = 'search-mydomain-akjdfkdjfkadjkdj.us-east-1.es.amazonaws.com'


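# Sign requests with the IAM user's access key and secret key
aws_auth = AWS4Auth('AOIEFAFKAK', '+7mMoIpn/SLJD+q8cnSMQ1jATXQGdkfjakldGwU6u', my_region, my_service)

# Connect to the domain over HTTPS with certificate verification enabled
es = Elasticsearch(hosts=[{'host': my_eshost, 'port': 443}],
    http_auth=aws_auth, use_ssl=True, verify_certs=True, connection_class=RequestsHttpConnection)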

print(json.dumps(es.info(), indent=2))


Author

Commented:
@Adelaido Jimenez - thanks for confirming. I had a similar understanding. Also, using the SDK (there is one for Python as well), where the credentials are automatically generated (I think), is a similar case to the one you described above, right?

So without creating a user, there isn't a way to push documents to the Elasticsearch service from a local machine.
CERTIFIED EXPERT

Commented:
Correct. If you are programming outside your AWS environment, you will need to have an access key in order to access the AWS resource. Inside your AWS environment you can use roles.

Author

Commented:
@Adelaido - sorry, I had a follow-up question. I can open a new question if I need to.
My question is: if a user is logging in via SAML, as a federated user within the organization, as explained here https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html , is it possible to set up programmatic access for this federated user (this user is actually an IAM role)?
CERTIFIED EXPERT

Commented:
I haven't had a chance to play around with SAML or Identity Federation, but it looks like you might be able to give users temporary access using AWS STS (AWS Security Token Service) in your scripts.

"You can manage your user identities in an external system outside of AWS and grant users who sign in from those systems access to perform AWS tasks and access your AWS resources. "

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html 

Feel free to post your question as a new question in case other people have had experience with SAML and Federation.
Hope this helps.
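
Added example (not part of the original thread): how a request to the Elasticsearch domain from the question is signed with the temporary credentials STS issues for a role, which come as an access key, a secret key and a session token. The credential values, the fixed timestamp and the function names are constructed for illustration; the signing is standard Signature Version 4 using only the Python standard library.

```python
import datetime
import hashlib
import hmac


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_headers(method, host, path, body, region, service,
                  access_key, secret_key, session_token, now):
    """SigV4 headers for a request signed with temporary credentials.

    Assumes `path` is already URI-encoded and there is no query string.
    """
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    # The session token is sent as a header and is itself covered by the
    # signature; this is the only difference from signing with user keys.
    headers = {"host": host, "x-amz-date": amz_date,
               "x-amz-security-token": session_token}
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        method, path, "",
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, hashlib.sha256(body).hexdigest()])
    scope = f"{date}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Derive the signing key: date, region, service, then the fixed suffix.
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, to_sign).hex()
    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers


def demo(token="constructed-session-token"):
    # Constructed values: real ones are returned by STS and never hard-coded.
    return sigv4_headers(
        "GET", "search-mydomain-akjdfkdjfkadjkdj.us-east-1.es.amazonaws.com",
        "/", b"", "us-east-1", "es", "ASIAEXAMPLEEXAMPLE00",
        "constructed-secret-key", token,
        datetime.datetime(2020, 7, 7, 12, 0, 0))
```

With the `requests_aws4auth` library used in the question, the same result comes from passing the token as the `session_token` keyword argument to `AWS4Auth`.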


Author

Commented:
@ Adelaido Jimenez - thanks.