in src/release_artifacts_resources/ios/cdk/cdk/credential_rotation/lambda_functions/src/source_data_generator/aws_session_credential_source.py [0:0]
def generate_session_credentials(configuration: map, iam=None, sts=None) -> Dict[str, str]:
if not configuration:
raise RuntimeError("Configuration is required to generate session credentials")
iam_user_key = configuration["user_env_variable"]
iam_role_key = configuration["iam_role_env_variable"]
iam_username = os.environ.get(iam_user_key)
iam_role = os.environ.get(iam_role_key)
user_credentials: Tuple[str, str] = ()
session_credentials: Dict[str, str] = {}
try:
iam_client = iam or boto3.client("iam", region_name=REGION)
user_credentials = create_user_credentials(iam_username, iam=iam_client)
wait_for_user_credentials()
session_credentials = get_session_credentials(user_credentials, role_arn=iam_role, sts=sts)
finally:
if user_credentials:
iam_client.delete_access_key(UserName=iam_username, AccessKeyId=user_credentials[0])
return session_credentials