Get a session token with Amazon STS using an Amazon SDK
The following code example shows how to get a session token with Amazon STS and use it to perform a service action that requires an MFA token.
SDK for Python (Boto3)
Get a session token by passing an MFA token and use it to list Amazon S3 buckets for the account.

    import boto3


    def list_buckets_with_session_token_with_mfa(mfa_serial_number, mfa_totp, sts_client):
        """
        Gets a session token with MFA credentials and uses the temporary session
        credentials to list Amazon S3 buckets.

        Requires an MFA device serial number and token.

        :param mfa_serial_number: The serial number of the MFA device. For a virtual MFA
                                  device, this is an Amazon Resource Name (ARN).
        :param mfa_totp: A time-based, one-time password issued by the MFA device.
        :param sts_client: A Boto3 STS client used to call GetSessionToken.
        """
        # Pass the MFA serial number and code only when an MFA device is supplied.
        if mfa_serial_number is not None:
            response = sts_client.get_session_token(
                SerialNumber=mfa_serial_number, TokenCode=mfa_totp)
        else:
            response = sts_client.get_session_token()
        temp_credentials = response['Credentials']

        # Build the S3 resource from the temporary credentials, not the caller's own.
        s3_resource = boto3.resource(
            's3',
            aws_access_key_id=temp_credentials['AccessKeyId'],
            aws_secret_access_key=temp_credentials['SecretAccessKey'],
            aws_session_token=temp_credentials['SessionToken'])

        print("Buckets for the account:")
        for bucket in s3_resource.buckets.all():
            print(bucket.name)

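The following is an added example, not part of the SDK sample above. It keeps the MFA-backed session credentials in memory and asks for a new one-time code only when they are close to expiring, checking the token code and requested lifetime before calling STS. The class name `MfaSessionCache`, the `totp_provider` callback, the one-hour default lifetime and the five-minute refresh margin are assumptions for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Limits of the STS GetSessionToken API for IAM users.
MIN_DURATION, MAX_DURATION = 900, 129600   # seconds
TOKEN_CODE_RE = re.compile(r"[0-9]{6}")    # TokenCode is exactly six digits
REFRESH_MARGIN = timedelta(minutes=5)      # assumed safety margin before expiry


class MfaSessionCache:
    """Holds MFA-backed session credentials in memory and renews them on demand."""

    def __init__(self, sts_client, mfa_serial_number, duration_seconds=3600):
        # The one-hour default is an assumption chosen to keep sessions short.
        if not MIN_DURATION <= duration_seconds <= MAX_DURATION:
            raise ValueError(
                f"duration_seconds must be {MIN_DURATION}..{MAX_DURATION}")
        self._sts = sts_client
        self._serial = mfa_serial_number
        self._duration = duration_seconds
        self._credentials = None  # kept in memory only, never written to disk

    def is_fresh(self, now=None):
        """True while the cached credentials outlive the refresh margin."""
        now = now or datetime.now(timezone.utc)
        return (self._credentials is not None
                and self._credentials["Expiration"] - now > REFRESH_MARGIN)

    def get(self, totp_provider, now=None):
        """Return cached credentials, asking for a new TOTP code only on renewal."""
        if self.is_fresh(now):
            return self._credentials
        code = totp_provider()
        if not TOKEN_CODE_RE.fullmatch(code):
            raise ValueError("MFA token code must be exactly six digits")
        response = self._sts.get_session_token(
            SerialNumber=self._serial,
            TokenCode=code,
            DurationSeconds=self._duration)
        self._credentials = response["Credentials"]
        return self._credentials
```

Pass the same kind of `sts_client` used in the sample above, and build service clients from the returned `AccessKeyId`, `SecretAccessKey` and `SessionToken`.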
For a complete list of Amazon SDK developer guides and code examples, see Using IAM with an Amazon SDK.
This topic also includes information about getting started and details about previous SDK versions.