in AccountCreationLambda.py [0:0]
def assume_role(account_id, account_role):
""" Assumes role to child account """
sts_client = boto3.client('sts')
role_arn = 'arn:aws:iam::' + account_id + ':role/' + account_role
assuming_role = True
print("Assuming Role . . .")
while assuming_role is True:
try:
assuming_role = False
assume_role_object = sts_client.assume_role(
RoleArn=role_arn,
RoleSessionName="NewAccountRole"
)
except botocore.exceptions.ClientError as exception:
assuming_role = True
print(exception)
print("Retrying...")
time.sleep(10)
# From the response that contains the assumed role, get the temporary
# credentials that can be used to make subsequent API calls
return assume_role_object['Credentials']