Python Boto3 MFA与ACCESS_KEY_ID、ACCESS_KEY、SESSION_TOKEN和MFA建立连接，不传递RoleArn

问题描述

我们是否可以使用python boto3建立AWS连接来列出和获取具有临时会话的对象，并且只使用以下内容？并且不通过RoleArn？

_AWS_ACCESS_KEY_ID，

_AWS_SECRET_ACCESS_KEY，

_AWS_SESSION_TOKEN，

MFA代码

我只有以下临时会话，由于我没有角色Arn，我应该如何传递此会话

我还检查了帖子 boto3 sessions and aws_session_token management 但是所有人都在使用roleArn。

---

解决方案

通过运行此代码工作，它不需要RoleArn

import boto
from boto.s3.connection import S3Connection
from boto.sts import STSConnection

# Prompt for MFA time-based one-time password (TOTP)
mfa_TOTP = raw_input("Enter the MFA code: ")

# The calls to AWS STS GetSessionToken must be signed with the access key ID and secret
# access key of an IAM user. The credentials can be in environment variables or in 
# a configuration file and will be discovered automatically
# by the STSConnection() function. For more information, see the Python SDK 
# documentation: http://boto.readthedocs.org/en/latest/boto_config_tut.html

sts_connection = STSConnection()

# Use the appropriate device ID (serial number for hardware device or ARN for virtual device). 
# Replace ACCOUNT-NUMBER-WITHOUT-HYPHENS and MFA-DEVICE-ID with appropriate values.

tempCredentials = sts_connection.get_session_token(
    duration=3600,
    mfa_serial_number="&region-arn;iam::ACCOUNT-NUMBER-WITHOUT-HYPHENS:mfa/MFA-DEVICE-ID",
    mfa_token=mfa_TOTP
)

# Use the temporary credentials to list the contents of an S3 bucket
s3_connection = S3Connection(
    aws_access_key_id=tempCredentials.access_key,
    aws_secret_access_key=tempCredentials.secret_key,
    security_token=tempCredentials.session_token
)

# Replace BUCKET-NAME with an appropriate value.
bucket = s3_connection.get_bucket(bucket_name="BUCKET-NAME")
objectlist = bucket.list()
for obj in objectlist:
    print obj.name