Get a session token with Amazon STS using an Amazon SDK - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Get a session token with Amazon STS using an Amazon SDK

The following code example shows how to get a session token with Amazon STS and use it to perform a service action that requires an MFA token.

SDK for Python (Boto3)

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Get a session token by passing an MFA token and use it to list Amazon S3 buckets for the account.

def list_buckets_with_session_token_with_mfa(mfa_serial_number, mfa_totp, sts_client): """ Gets a session token with MFA credentials and uses the temporary session credentials to list Amazon S3 buckets. Requires an MFA device serial number and token. :param mfa_serial_number: The serial number of the MFA device. For a virtual MFA device, this is an Amazon Resource Name (ARN). :param mfa_totp: A time-based, one-time password issued by the MFA device. :param sts_client: A Boto3 STS instance that has permission to assume the role. """ if mfa_serial_number is not None: response = sts_client.get_session_token( SerialNumber=mfa_serial_number, TokenCode=mfa_totp) else: response = sts_client.get_session_token() temp_credentials = response['Credentials'] s3_resource = boto3.resource( 's3', aws_access_key_id=temp_credentials['AccessKeyId'], aws_secret_access_key=temp_credentials['SecretAccessKey'], aws_session_token=temp_credentials['SessionToken']) print(f"Buckets for the account:") for bucket in s3_resource.buckets.all(): print(
  • For API details, see GetSessionToken in Amazon SDK for Python (Boto3) API Reference.

For a complete list of Amazon SDK developer guides and code examples, see Using IAM with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.