def get_sts_token()

in handler.py [0:0]


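def get_sts_token(service):
    """Return a boto3 client for *service*, assuming a cross-account role if configured.

    The role ARN is read from ``get_secrets()["ahaassumerole"]``. When that
    value contains ``"arn:aws:iam::"`` the function calls STS ``AssumeRole``
    and builds the client from the temporary credentials it returns
    ("member account" mode). Otherwise the client is built from the ambient
    credentials ("management account" mode).

    Args:
        service: AWS service name passed straight to ``boto3.client``.

    Returns:
        A boto3 client for ``service`` created with the module-level ``config``.

    Raises:
        KeyError: if the secrets mapping has no ``"ahaassumerole"`` entry.
        Any exception raised by ``assume_role`` or ``boto3.client`` propagates
        to the caller unchanged.
    """
    assume_role_arn = get_secrets()["ahaassumerole"]

    # NOTE(review): this is a substring test, not ARN validation. Any value
    # lacking the marker (empty string, typo, an ARN in another partition)
    # silently selects management-account mode with the ambient credentials.
    # Confirm that fallback is intended for malformed configuration.
    if "arn:aws:iam::" not in assume_role_arn:
        client = boto3.client(service, config=config)
        print("Running in management account deployment mode")
        return client

    # NOTE(review): no ExternalId or session policy is supplied, so access is
    # bounded only by the target role's trust and permission policies, which
    # are not visible from here. Confirm they are scoped to this caller.
    assumed = boto3.client('sts').assume_role(
        RoleArn=assume_role_arn,
        RoleSessionName="cross_acct_aha_session",
        DurationSeconds=900,  # 900 s is the shortest session AssumeRole allows
    )
    creds = assumed['Credentials']

    # The temporary credentials are handed directly to the client and are
    # never printed or stored; keep them out of logs if this code is extended.
    client = boto3.client(
        service,
        config=config,
        aws_access_key_id=creds['AccessKeyId'],
        aws_secret_access_key=creds['SecretAccessKey'],
        aws_session_token=creds['SessionToken'],
    )
    print("Running in member account deployment mode")
    return client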