in source/ecs.py [0:0]
def assume_role(account_id, service, region):
role_name = os.environ['ROLENAME']
role_arn = f"arn:aws:iam::{account_id}:role/{role_name}" #OrganizationAccountAccessRole
sts_client = boto3.client('sts')
try:
#region = sts_client.meta.region_name
assumedRoleObject = sts_client.assume_role(
RoleArn=role_arn,
RoleSessionName="AssumeRoleRoot"
)
credentials = assumedRoleObject['Credentials']
client = boto3.client(
service,
aws_access_key_id=credentials['AccessKeyId'],
aws_secret_access_key=credentials['SecretAccessKey'],
aws_session_token=credentials['SessionToken'],
region_name = region
)
return client
except ClientError as e:
logging.warning(f"Unexpected error Account {account_id}: {e}")
return None